_00270000.mem.exe
Windows Exe (x86-32)
Created at 2019-05-13T19:45:00
Remarks (2/3)
(0x2000002): The maximum VM disk space was reached. The analysis was terminated prematurely.
(0x200000e): The overall sleep time of all monitored processes was truncated from "39 minutes, 35 seconds" to "13 minutes, 50 seconds" to reveal dormant functionality.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: _00270000.mem.exe
12782
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_00270000.mem.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:38, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:26 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa3c |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A40
0x
A54
0x
A58
0x
A5C
0x
A60
0x
A64
0x
A70
0x
A98
0x
BD0
0x
570
0x
78C
0x
6A8
0x
6BC
0x
8B0
0x
8BC
0x
8B4
0x
890
0x
88C
0x
8DC
0x
8E4
0x
8E8
0x
8E0
0x
8D8
0x
8D4
0x
8D0
0x
3D0
0x
8CC
0x
8C8
0x
8C4
0x
8C0
0x
8EC
0x
B0
0x
8AC
0x
97C
0x
8A8
0x
8FC
0x
89C
0x
8A0
0x
8A4
0x
898
0x
1EC
0x
5CC
0x
984
0x
734
0x
904
0x
7A0
0x
7C4
0x
39C
0x
5A4
0x
780
0x
240
0x
320
0x
114
0x
1E8
0x
438
0x
7B8
0x
7B0
0x
7BC
0x
58C
0x
7E0
0x
53C
0x
288
0x
6EC
0x
6E4
0x
4F0
0x
594
0x
204
0x
274
0x
318
0x
888
0x
7A4
0x
958
0x
894
0x
7A8
0x
7D4
0x
990
0x
580
0x
414
0x
4A4
0x
5C4
0x
30C
0x
410
0x
508
0x
408
0x
664
0x
40C
0x
5D8
0x
7E4
0x
7AC
0x
5B8
0x
488
0x
33C
0x
880
0x
87C
0x
878
0x
874
0x
870
0x
86C
0x
868
0x
864
0x
860
0x
85C
0x
858
0x
854
0x
850
0x
84C
0x
848
0x
844
0x
840
0x
83C
0x
838
0x
834
0x
830
0x
82C
0x
828
0x
824
0x
820
0x
81C
0x
818
0x
814
0x
810
0x
80C
0x
808
0x
804
0x
9D4
0x
9DC
0x
9F0
0x
9EC
0x
9E8
0x
9E0
0x
9D0
0x
9F4
0x
9C8
0x
A14
0x
9B4
0x
9A0
0x
9A4
0x
A18
0x
9C4
0x
9A8
0x
9CC
0x
9AC
0x
9BC
0x
99C
0x
998
0x
A38
0x
980
0x
988
0x
A44
0x
A48
0x
994
0x
534
0x
330
0x
A10
0x
A4C
0x
A0C
0x
A00
0x
A04
0x
A08
0x
9FC
0x
9F8
0x
A34
0x
A50
0x
A30
0x
A24
0x
A5C
0x
AB0
0x
3A4
0x
AE4
0x
A9C
0x
3C4
0x
3B8
0x
C0
0x
9E4
0x
63C
0x
3AC
0x
3B4
0x
B14
0x
B4C
0x
344
0x
94C
0x
B58
0x
B1C
0x
B20
0x
A94
0x
B0C
0x
B18
0x
A6C
0x
A7C
0x
3A8
0x
A68
0x
A74
0x
AAC
0x
A84
0x
A90
0x
BA4
0x
AEC
0x
A80
0x
A88
0x
BB4
0x
BB0
0x
BA8
0x
B9C
0x
618
0x
950
0x
B6C
0x
B98
0x
BD0
0x
BE0
0x
BF0
0x
BE8
0x
BD8
0x
BE4
0x
BDC
0x
AD4
0x
AD0
0x
AC8
0x
ADC
0x
AC4
0x
730
0x
750
0x
AD8
0x
ACC
0x
598
0x
5E8
0x
A28
0x
6E0
0x
78C
0x
A5C
0x
AB4
0x
B64
0x
380
0x
968
0x
AA8
0x
A98
0x
AA0
0x
AE8
0x
AF0
0x
B8C
0x
B68
0x
A8C
0x
A70
0x
37C
0x
AA4
0x
4FC
0x
7EC
0x
7CC
0x
31C
0x
6B8
0x
4C8
0x
24C
0x
4E8
0x
228
0x
720
0x
3F4
0x
C04
0x
C08
0x
C0C
0x
C10
0x
C14
0x
C18
0x
C20
0x
C24
0x
C30
0x
C34
0x
C38
0x
C3C
0x
C40
0x
C44
0x
C48
0x
C4C
0x
C50
0x
C54
0x
C58
0x
C5C
0x
C60
0x
C64
0x
C68
0x
C6C
0x
C70
0x
C74
0x
C78
0x
C7C
0x
C80
0x
C88
0x
C8C
0x
C90
0x
C94
0x
C98
0x
C9C
0x
CA0
0x
CA4
0x
CA8
0x
CAC
0x
CB0
0x
CB4
0x
CC0
0x
CC4
0x
CD4
0x
CD8
0x
CDC
0x
CE0
0x
CE4
0x
CE8
0x
CEC
0x
CF0
0x
CF4
0x
CF8
0x
CFC
0x
D04
0x
D08
0x
D0C
0x
D10
0x
D14
0x
D18
0x
D1C
0x
D20
0x
D24
0x
D28
0x
D2C
0x
D30
0x
D34
0x
D38
0x
D3C
0x
D40
0x
D44
0x
D48
0x
D4C
0x
D50
0x
D54
0x
D58
0x
D5C
0x
D60
0x
D64
0x
D68
0x
D80
0x
D84
0x
D88
0x
D8C
0x
D90
0x
D94
0x
D98
0x
D9C
0x
DA0
0x
DA4
0x
DA8
0x
DAC
0x
DB0
0x
DB4
0x
DB8
0x
DBC
0x
DC4
0x
DC8
0x
DCC
0x
DD0
0x
DD4
0x
DD8
0x
DDC
0x
DE0
0x
DE4
0x
DE8
0x
DEC
0x
DF0
0x
DF4
0x
DF8
0x
DFC
0x
E00
0x
E04
0x
E08
0x
E0C
0x
E10
0x
E20
0x
E24
0x
E28
0x
E2C
0x
E30
0x
E34
0x
E38
0x
E3C
0x
E40
0x
E44
0x
E48
0x
E4C
0x
E50
0x
E54
0x
E58
0x
E5C
0x
E60
0x
E64
0x
E68
0x
E6C
0x
E70
0x
E74
0x
E78
0x
E7C
0x
E80
0x
E84
0x
E88
0x
E8C
0x
E90
0x
E94
0x
E98
0x
E9C
0x
EA0
0x
EA4
0x
EA8
0x
EAC
0x
EB0
0x
EB4
0x
EB8
0x
EBC
0x
EC0
0x
EC4
0x
ECC
0x
ED0
0x
ED4
0x
ED8
0x
EDC
0x
EE0
0x
EE4
0x
EE8
0x
EEC
0x
EF0
0x
EF4
0x
EF8
0x
EFC
0x
F00
0x
F04
0x
F08
0x
F0C
0x
F10
0x
F14
0x
F18
0x
F1C
0x
F20
0x
F24
0x
F28
0x
F2C
0x
F30
0x
F34
0x
F38
0x
F3C
0x
F40
0x
F44
0x
F48
0x
F4C
0x
F50
0x
F54
0x
F58
0x
F5C
0x
F60
0x
F64
0x
F68
0x
F6C
0x
F70
0x
F74
0x
F78
0x
F7C
0x
F90
0x
F9C
0x
FA8
0x
FAC
0x
FB0
0x
FB4
0x
FB8
0x
FBC
0x
FC8
0x
FD0
0x
FD4
0x
FD8
0x
FDC
0x
FE0
0x
FE4
0x
FE8
0x
FEC
0x
FF0
0x
FF4
0x
574
0x
5B4
0x
308
0x
B48
0x
C84
0x
CBC
0x
6F8
0x
A20
0x
6B4
0x
914
0x
35C
0x
C1C
0x
D6C
0x
884
0x
59C
0x
CC8
0x
934
0x
518
0x
D70
0x
CD0
0x
D74
0x
D7C
0x
F90
0x
F8C
0x
F88
0x
FA4
0x
E1C
0x
F84
0x
928
0x
E14
0x
A78
0x
1004
0x
1008
0x
100C
0x
1010
0x
1014
0x
1018
0x
101C
0x
1020
0x
1030
0x
1034
0x
1038
0x
1058
0x
105C
0x
1060
0x
1064
0x
1068
0x
106C
0x
1070
0x
1074
0x
1078
0x
107C
0x
1080
0x
1084
0x
1088
0x
108C
0x
1094
0x
1098
0x
109C
0x
10A0
0x
10A4
0x
10A8
0x
10AC
0x
10B0
0x
10B4
0x
10B8
0x
10BC
0x
10C0
0x
10C4
0x
10C8
0x
10CC
0x
10D0
0x
10D4
0x
10E4
0x
10E8
0x
10EC
0x
10F0
0x
10F4
0x
10F8
0x
10FC
0x
1100
0x
1104
0x
1108
0x
110C
0x
1110
0x
1114
0x
1124
0x
1128
0x
112C
0x
1130
0x
1134
0x
1138
0x
113C
0x
1140
0x
1144
0x
1148
0x
114C
0x
1150
0x
1158
0x
115C
0x
1160
0x
1164
0x
1168
0x
116C
0x
1170
0x
1188
0x
118C
0x
1190
0x
1194
0x
1198
0x
119C
0x
11A0
0x
11A4
0x
11A8
0x
11AC
0x
11B0
0x
11B4
0x
11B8
0x
11BC
0x
11C0
0x
11C4
0x
11C8
0x
11CC
0x
11D0
0x
11D4
0x
11D8
0x
11DC
0x
11E0
0x
11E4
0x
11E8
0x
11EC
0x
11F0
0x
11F4
0x
11F8
0x
11FC
0x
1200
0x
1204
0x
1208
0x
120C
0x
1210
0x
1214
0x
1218
0x
121C
0x
1220
0x
1224
0x
1228
0x
123C
0x
1240
0x
1244
0x
1248
0x
124C
0x
1250
0x
1254
0x
1258
0x
125C
0x
1260
0x
1264
0x
1268
0x
126C
0x
1270
0x
1274
0x
1278
0x
127C
0x
1280
0x
1284
0x
1288
0x
128C
0x
1290
0x
1294
0x
1298
0x
129C
0x
12A4
0x
12A8
0x
12AC
0x
12B0
0x
12B4
0x
12BC
0x
12C0
0x
12C4
0x
12C8
0x
12CC
0x
12D0
0x
12D4
0x
12D8
0x
12DC
0x
12E0
0x
12E4
0x
12E8
0x
12EC
0x
12F0
0x
12F4
0x
12F8
0x
12FC
0x
1300
0x
1304
0x
1308
0x
130C
0x
1310
0x
1314
0x
1318
0x
131C
0x
1320
0x
1324
0x
1328
0x
132C
0x
1330
0x
1334
0x
1338
0x
133C
0x
1340
0x
1344
0x
1348
0x
134C
0x
1350
0x
1354
0x
1358
0x
135C
0x
1360
0x
1364
0x
1368
0x
136C
0x
1370
0x
1374
0x
1378
0x
137C
0x
1380
0x
1384
0x
1388
0x
138C
0x
1390
0x
1394
0x
1398
0x
139C
0x
13A0
0x
13A4
0x
13A8
0x
13AC
0x
13B0
0x
13B4
0x
13B8
0x
13BC
0x
13C0
0x
13C4
0x
13C8
0x
13CC
0x
13D0
0x
13D4
0x
13D8
0x
13DC
0x
13E0
0x
13E4
0x
13E8
0x
13EC
0x
13F0
0x
13F4
0x
13F8
0x
13FC
0x
F80
0x
230
0x
6E8
0x
D00
0x
F98
0x
7B4
0x
F94
0x
FF8
0x
FA0
0x
F9C
0x
360
0x
FC4
0x
FC0
0x
CCC
0x
FFC
0x
103C
0x
184
0x
E18
0x
1054
0x
1044
0x
102C
0x
1040
0x
494
0x
444
0x
910
0x
1024
0x
1028
0x
10E0
0x
122C
0x
390
0x
4EC
0x
1238
0x
1234
0x
1230
0x
1180
0x
2AC
0x
908
0x
1404
0x
1408
0x
140C
0x
1410
0x
1414
0x
1418
0x
141C
0x
1420
0x
1424
0x
1428
0x
142C
0x
1430
0x
1434
0x
1438
0x
143C
0x
1440
0x
1444
0x
1448
0x
144C
0x
1450
0x
1454
0x
1458
0x
145C
0x
1460
0x
1464
0x
146C
0x
1470
0x
1474
0x
1478
0x
147C
0x
1480
0x
1484
0x
1488
0x
148C
0x
1490
0x
1494
0x
1498
0x
149C
0x
14A0
0x
14A4
0x
14A8
0x
14AC
0x
14B0
0x
14B4
0x
14B8
0x
14BC
0x
14C0
0x
14C4
0x
14C8
0x
14CC
0x
14D0
0x
14D4
0x
14D8
0x
14DC
0x
14E0
0x
14E4
0x
14E8
0x
14EC
0x
14F0
0x
14F4
0x
14F8
0x
14FC
0x
1500
0x
1504
0x
1508
0x
150C
0x
1510
0x
1514
0x
1518
0x
151C
0x
1520
0x
1524
0x
1528
0x
152C
0x
1530
0x
1534
0x
1538
0x
153C
0x
1540
0x
1544
0x
1548
0x
154C
0x
1550
0x
1554
0x
1558
0x
155C
0x
1560
0x
1564
0x
1568
0x
156C
0x
1570
0x
1574
0x
1578
0x
157C
0x
1580
0x
1584
0x
1588
0x
158C
0x
1590
0x
1594
0x
1598
0x
159C
0x
15A0
0x
15A4
0x
15A8
0x
15AC
0x
15B0
0x
15B4
0x
15B8
0x
15BC
0x
15C0
0x
15C4
0x
15C8
0x
15CC
0x
15D0
0x
15D4
0x
15D8
0x
15DC
0x
15E0
0x
15E4
0x
15E8
0x
15EC
0x
15F0
0x
15F4
0x
15F8
0x
15FC
0x
1600
0x
1604
0x
1608
0x
160C
0x
1610
0x
1614
0x
1618
0x
161C
0x
1620
0x
1624
0x
1628
0x
162C
0x
1630
0x
1634
0x
1638
0x
163C
0x
1640
0x
1644
0x
1648
0x
164C
0x
1650
0x
1654
0x
1658
0x
165C
0x
1660
0x
1664
0x
1668
0x
166C
0x
1670
0x
1674
0x
1678
0x
167C
0x
1680
0x
1684
0x
1688
0x
168C
0x
1690
0x
1694
0x
1698
0x
169C
0x
16A0
0x
16A4
0x
16A8
0x
16AC
0x
16B4
0x
16B8
0x
16C0
0x
16C4
0x
16C8
0x
16CC
0x
16D0
0x
16D4
0x
16D8
0x
16DC
0x
16E0
0x
16E4
0x
16E8
0x
16EC
0x
16FC
0x
1700
0x
1704
0x
1708
0x
170C
0x
1710
0x
1714
0x
1718
0x
1738
0x
173C
0x
1740
0x
1744
0x
1748
0x
174C
0x
1750
0x
1754
0x
1758
0x
175C
0x
1760
0x
1774
0x
1778
0x
177C
0x
1780
0x
1784
0x
1788
0x
178C
0x
1790
0x
1794
0x
17A4
0x
17A8
0x
17AC
0x
17B0
0x
17B4
0x
17B8
0x
17BC
0x
17C0
0x
17C4
0x
17C8
0x
17CC
0x
17D0
0x
17D4
0x
17D8
0x
17DC
0x
17E0
0x
17E4
0x
17E8
0x
17EC
0x
17F0
0x
17F4
0x
17F8
0x
17FC
0x
1120
0x
C8
0x
117C
0x
1804
0x
1808
0x
180C
0x
1810
0x
1814
0x
1818
0x
181C
0x
1820
0x
1824
0x
1828
0x
1874
0x
18A0
0x
18A4
0x
18A8
0x
18AC
0x
18B0
0x
18B4
0x
18B8
0x
18BC
0x
18C0
0x
18C4
0x
18C8
0x
18CC
0x
18D0
0x
18D4
0x
18E8
0x
18EC
0x
18F0
0x
18F4
0x
18F8
0x
18FC
0x
1900
0x
1904
0x
1908
0x
190C
0x
1910
0x
1914
0x
1918
0x
191C
0x
1920
0x
1924
0x
1928
0x
1988
0x
198C
0x
1990
0x
1994
0x
1998
0x
199C
0x
19A0
0x
19A4
0x
19A8
0x
19CC
0x
19D0
0x
19D4
0x
19D8
0x
19DC
0x
19E0
0x
19E4
0x
19E8
0x
19EC
0x
19F0
0x
19F4
0x
19F8
0x
1A28
0x
1A2C
0x
1A30
0x
1A34
0x
1A38
0x
1A3C
0x
1A40
0x
1A44
0x
1A48
0x
1A4C
0x
1A50
0x
1A54
0x
1A58
0x
1A90
0x
1A94
0x
1A98
0x
1A9C
0x
1AA0
0x
1AA4
0x
1AA8
0x
1AAC
0x
1AB0
0x
1AB4
0x
1AB8
0x
1AD4
0x
1AD8
0x
1ADC
0x
1AE0
0x
1AE4
0x
1AE8
0x
1AEC
0x
1AF0
0x
1AF4
0x
1AF8
0x
1AFC
0x
1B00
0x
1B04
0x
1B08
0x
1B0C
0x
1B10
0x
1B14
0x
1B18
0x
1B1C
0x
1B20
0x
1B24
0x
1B28
0x
1B2C
0x
1B30
0x
1B34
0x
1B38
0x
1B3C
0x
1B40
0x
1B44
0x
1B48
0x
1B4C
0x
1B50
0x
1B54
0x
1B58
0x
1B6C
0x
1B70
0x
1B74
0x
1B78
0x
1B7C
0x
1B80
0x
1B84
0x
1B88
0x
1B8C
0x
1B90
0x
1B94
0x
1B98
0x
1B9C
0x
1BA0
0x
1BA4
0x
1BA8
0x
1BAC
0x
1BB0
0x
1BB4
0x
1BB8
0x
1BBC
0x
1BC0
0x
1BC4
0x
1BC8
0x
1BCC
0x
1BD0
0x
1BD4
0x
1BD8
0x
1BDC
0x
1BE0
0x
1BE4
0x
1BE8
0x
1BEC
0x
1BF0
0x
1BF4
0x
1BF8
0x
1BFC
0x
150
0x
764
0x
75C
0x
1C04
0x
1C08
0x
1C0C
0x
1C10
0x
1C14
0x
1C18
0x
1C1C
0x
1C20
0x
1C24
0x
1C28
0x
1C2C
0x
1C30
0x
1C34
0x
1C38
0x
1C3C
0x
1C40
0x
1C44
0x
1C48
0x
1C4C
0x
1C50
0x
1C54
0x
1C58
0x
1C5C
0x
1C60
0x
1C64
0x
1C68
0x
1C6C
0x
1C70
0x
1C74
0x
1C78
0x
1C7C
0x
1C80
0x
1C84
0x
1C88
0x
1C8C
0x
1C90
0x
1C94
0x
1C98
0x
1CC0
0x
1CC4
0x
1CC8
0x
1CCC
0x
1CD0
0x
1CD4
0x
1CD8
0x
1D28
0x
1D2C
0x
1D30
0x
1D34
0x
1D38
0x
1D3C
0x
1D40
0x
1D44
0x
1D48
0x
1D4C
0x
1D50
0x
1D78
0x
1D7C
0x
1D80
0x
1D84
0x
1D88
0x
1D8C
0x
1D90
0x
1D94
0x
1D98
0x
1D9C
0x
1DA0
0x
1DA4
0x
1DA8
0x
1DAC
0x
1DB0
0x
1DB4
0x
1DB8
0x
1DBC
0x
1DC0
0x
1CD0
0x
1B38
0x
1B40
0x
1B3C
0x
1C80
0x
1C5C
0x
1C7C
0x
1E14
0x
1E18
0x
1E1C
0x
1E20
0x
1E24
0x
1E28
0x
1E2C
0x
1E30
0x
1E34
0x
1E38
0x
1E3C
0x
1E40
0x
1E7C
0x
1E80
0x
1E84
0x
1E88
0x
1E8C
0x
1E90
0x
1E94
0x
1E98
0x
1E9C
0x
1EA0
0x
1EA4
0x
1EB8
0x
1EBC
0x
1EC0
0x
1EC4
0x
1EC8
0x
1ECC
0x
1ED0
0x
1ED4
0x
1F0C
0x
1F10
0x
1F14
0x
1F18
0x
1F1C
0x
1F20
0x
1F24
0x
1F28
0x
1F2C
0x
1F30
0x
1F34
0x
1F38
0x
1F74
0x
1F78
0x
1F7C
0x
1F80
0x
1F84
0x
1F88
0x
1F8C
0x
1F90
0x
1FC4
0x
1FC8
0x
1FCC
0x
1FD0
0x
1FD4
0x
1FD8
0x
1FDC
0x
1FE0
0x
1CEC
0x
768
0x
630
0x
68C
0x
1CFC
0x
784
0x
1CF4
0x
201C
0x
2020
0x
2024
0x
2028
0x
202C
0x
2030
0x
2034
0x
2038
0x
203C
0x
2040
0x
2044
0x
2160
0x
2164
0x
2168
0x
216C
0x
2170
0x
2174
0x
2178
0x
217C
0x
2180
0x
2184
0x
2188
0x
218C
0x
2190
0x
2194
0x
2198
0x
21AC
0x
21B0
0x
21B4
0x
21B8
0x
21BC
0x
21C0
0x
21C4
0x
21C8
0x
21CC
0x
21D0
0x
21D4
0x
21D8
0x
21DC
0x
21E0
0x
21E4
0x
21E8
0x
21EC
0x
21F0
0x
21F4
0x
21F8
0x
21FC
0x
2200
0x
2204
0x
2208
0x
220C
0x
2210
0x
2214
0x
2218
0x
221C
0x
2220
0x
2224
0x
2228
0x
222C
0x
2230
0x
2234
0x
2238
0x
223C
0x
2240
0x
2244
0x
2248
0x
224C
0x
2250
0x
2254
0x
2258
0x
225C
0x
2260
0x
2264
0x
2268
0x
227C
0x
2280
0x
2284
0x
2288
0x
228C
0x
2290
0x
2294
0x
2298
0x
229C
0x
22A0
0x
22A4
0x
22A8
0x
22AC
0x
22B0
0x
22B4
0x
22B8
0x
22BC
0x
22C0
0x
22C4
0x
22C8
0x
22CC
0x
22D0
0x
22D4
0x
22D8
0x
22DC
0x
22E0
0x
22E4
0x
22E8
0x
22EC
0x
22F0
0x
22F4
0x
22F8
0x
22FC
0x
2300
0x
2304
0x
2338
0x
233C
0x
2340
0x
2344
0x
2348
0x
234C
0x
2350
0x
2354
0x
2358
0x
23FC
0x
1EDC
0x
20D4
0x
744
0x
8F4
0x
98C
0x
8F8
0x
9B8
0x
1EDC
0x
8B8
0x
23FC
0x
1EAC
0x
1E18
0x
2404
0x
2408
0x
240C
0x
2410
0x
2448
0x
244C
0x
2450
0x
2454
0x
2458
0x
245C
0x
2460
0x
2464
0x
2468
0x
246C
0x
2470
0x
2474
0x
2478
0x
247C
0x
2480
0x
2494
0x
2498
0x
249C
0x
24A0
0x
24A4
0x
24A8
0x
24AC
0x
24B0
0x
24B4
0x
24B8
0x
24BC
0x
24E0
0x
24E4
0x
24E8
0x
24EC
0x
24F0
0x
24F4
0x
24F8
0x
24FC
0x
2500
0x
2504
0x
2508
0x
250C
0x
2510
0x
2514
0x
2518
0x
251C
0x
2520
0x
2524
0x
2528
0x
252C
0x
2530
0x
2534
0x
2538
0x
253C
0x
2540
0x
2544
0x
2548
0x
254C
0x
2550
0x
2554
0x
2558
0x
255C
0x
2560
0x
2564
0x
2588
0x
258C
0x
2590
0x
2594
0x
2598
0x
259C
0x
25A0
0x
25A4
0x
25A8
0x
25AC
0x
25B0
0x
25B4
0x
25B8
0x
25BC
0x
25C0
0x
25C4
0x
2600
0x
2604
0x
2608
0x
260C
0x
2610
0x
2614
0x
2618
0x
261C
0x
2620
0x
2624
0x
2628
0x
262C
0x
2630
0x
2634
0x
2644
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| _00270000.mem.exe | 0x30000000 | 0x302CCFFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ga[1].js.RYK | 42.35 KB |
MD5:
ee9202da5b792b97b284273fbc1b796b
SHA1: b5af37536a13af1322883bdb0d2929dda07cc2dd SHA256: 673a0b22e2cb18366da3a92313c26ed8e74a188c5691f26d01692e0ca59ed96e SSDeep: 768:XNWDmE2vSjjYB4d3GcoUckn9DtuVfKaOSyF5ltguH44IK8xSDsq:XU86Gc+kvuCaOSyFKuH44AEoq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\528d82a2[1].js.RYK | 11.97 KB |
MD5:
053686ca0b3ac0f2966a07a4b86cb9ff
SHA1: 24c6c6fa9b05cea61c4b773ac828159b8c4f1a6a SHA256: 3e6c5dd5cf9318af9a5715c34ab02bebf40eab6a7cad65f7ddd61b6b7adbfc00 SSDeep: 192:pq8o5I9sx0IsNjXdmiKJ8mspWYo/414DWgh0zAhnF1JNW1fnocR0tXphAWeFzSc+:pTo69o2N78JXspWYo/GFUFNNgwB8Wekh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[2].jspg.RYK.RYK | 24.10 KB |
MD5:
723cb47194bbe21a9c50df50d46665ed
SHA1: 30fd49192513efb6c40770da34204f94eb7b0663 SHA256: 0abcbb36e6e58f11a7087d5e13ff07203db9f950f5be7dd4c725321dccf04d3e SSDeep: 768:kQPEzf9G3AotYsTIXQ2lHahnbdMabvqzGI0Zh2:tPEzletrT32lHuvvqzmO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[1].jspg.RYK.RYK | 27.13 KB |
MD5:
14bcfc99f0cad7daade66465c44df21a
SHA1: d2aadbb3008e00f48de4bc65f7297d7ed90d466d SHA256: aa75b6b6d88247ad36de55f8d0b7a2aaf0cc9579b0d4797e79742deb831599be SSDeep: 768:mViqlRUadY+l2CSPP0FqqDWiAUN3VT1s4bG2:EiqYad2VHIqOoUN3VTPt |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ast[2].js].jpg.RYK.RYK | 70.33 KB |
MD5:
7819dfe741f2528ebc0814912aeb3e78
SHA1: 96067c2a5e95da690ea4694540e44f5cf9c4614a SHA256: 44f09f0328804e4f1f2a34fcb9afdcf86a802e1d918335ade167919e025618eb SSDeep: 1536:GQCmPpyIozM0cgonlud5IG9z95qVkAy9d:zjodWa5Ii95qVk7 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\ast[1].jsni.RYK.RYK | 70.33 KB |
MD5:
f51f85d6956748470a1570ce1a8b3633
SHA1: 2b575793816a5c0c65fabda4365977606822fa2b SHA256: b65b855fe899fe450ccafae6c94b58081afe16193dbf3b007b892296e5157df1 SSDeep: 1536:p7rgGG11+Iv+opRMhkHdMI81TVNV4aThy4a59J4d7zE8AfnBD9L:p3gPfy0x9MT/VU5HWzE8sL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adex[1].js.jpg.RYK.RYK | 36.74 KB |
MD5:
39eea7ec9a78e3b534953d137cb55dcf
SHA1: 1c7385d28e15b09456041f51d0c97cbd293d8a34 SHA256: df2bb18d593ec7c4a2703edf3a65a5eedc0536d35bb31c086959d9dabf7a053c SSDeep: 768:a/f9b5SAKg9wvrJCecP7NXaA+XFhWom3yeuP2+ERY5G7A:IfV5lnAVC/+1hWoAy9PGYs8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm.RYK | 530 bytes |
MD5:
4fec7529f20e63128e127ab2c41f8eac
SHA1: 83cbd7a6f2c2b5013351e9afd9869d257bd33e8f SHA256: 476d6e6c7330528ba065f3b6e9bfe94503b5b2f5b93d18690103a51fe6a9a00f SSDeep: 12:GFyPl78VyRhhT/fXWasuTZ2LnmZYGmfviSk0nJi2:SyP1fXWasuT8nmZYGeT |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Hand Prints.htm.RYK | 514 bytes |
MD5:
d4088f973049001a4bed0fbd8ade85bf
SHA1: 61933c0ac555b7d02ddc921aa8e037c06c7ce9dd SHA256: bfac70284caaffa1b08df6e561c284268028ab32afced21b836e1830334a4955 SSDeep: 12:3ztn/qYwxtGr73pst7btbUldhu699xV87w:3zOtibpsdWHd4w |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.htm.RYK | 514 bytes |
MD5:
6b2646137f0fb5390ba64b49b60623d9
SHA1: 5f139fa32075ecbe612f95c47ec16668fd1392d4 SHA256: ec5660f95c7c8875bebf6aaca3f68951b8a5134bfe5601fe58d8743606a5e53f SSDeep: 12:mTT7eDJjXpY0ktGs8XbQAySvaVVNAYQSD0W6X5/VsoYJdd/mbox:mTTs7RkbkaVHAbDX4oYJdiox |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.htm.RYK | 514 bytes |
MD5:
0e5c2c48d36d5f4e2c70daaeedaf2c2e
SHA1: eac536a6763a93529d775541dcf07d594019e336 SHA256: 55bbe56d5f9547a7eef9d8cc8734334af4c9244738097743b3ef6e96e44539bc SSDeep: 12:h6nc9EHEgIU7rDbHpcDMkWCyNjf7BHFXk2lISODnj:hd9uSU7/CCflH+2lCj |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htmndex.dat.RYK.RYK | 514 bytes |
MD5:
53dae1146fa105f8ca894b4078fc8569
SHA1: 735eb8ccaac3e7557b9cd41d2fd546c4887bc50d SHA256: db5685028059d91ee82de9c540f8ce69abf1d569118453e0b928d7ba6879125f SSDeep: 12:14GBK87Svkkm86VcxTO5zX7A5hbz8wVpQB:1RK87kkk9xTpbwuQB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htmt.RYK.RYK | 514 bytes |
MD5:
a71f586b6c144be6e745a14ae2f23981
SHA1: d7b92d7dcaef6d559501992989bdd021469b3ee8 SHA256: 0d37896b934beba75095a724a526d9ddab758c4df7cbb5e3e00ed4a98f78d205 SSDeep: 12:r3QU9xQSNaI/+sH6FjmE76m7gN2xsj+0VV4e70wqW:r3/QWWIE76m7gNHZVVt0dW |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Soft Blue.htm.RYK | 514 bytes |
MD5:
622ce858b81fe1cb6eecdee9620ab7d9
SHA1: f1f657821ed3bed1486d2d87417932b4682092c4 SHA256: 121233dcbb1e0122bb15e18c693cbb6c8b0ee486e64d446e5e7ee8684b926510 SSDeep: 6:nYRkcLr9eqD+XRh5gEw02z26j5/fAWWdcx+cK/oZ0g2hJdcd0Klg2iC83j0HV4AR:QoT5gaVYfAWaWkQ29cd0R2ibj6/7a9xG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Orange Circles.htm.RYK | 514 bytes |
MD5:
2ff53aae4c37f79c95ccc01220b62a9c
SHA1: 8eab7fbd703fd6d2c2246ce8dc9bc6df7ec05be6 SHA256: 71ff4c8aa73d6a0474d6225c130754d2d03c4987ef42f9dc3e8c8178c0181eeb SSDeep: 12:q0ArHQjEdctTXYhjCWuu1HBIVS9cZl1rL/WC+8ISz:swmct7kBYVS9cZfJHz |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.RYK | 514 bytes |
MD5:
579efafd85a6e0e13e530f96c23587b4
SHA1: 0797afd3032a3d03766d38011c0b4f466e2960ff SHA256: 98c134e5f7150a81ecfa2e02c30cc05183320ad480ceb144791e09d8b2a48699 SSDeep: 12:ORqcpBhij1d7AbEEwSXnpO6MF0bNBgbJn52zcKr8sNgfrNIbG:OA2BUj1dMumMFKNB0J52zcu8RNz |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini.RYK | 354 bytes |
MD5:
39d001b0e64207b0e3b7b31cb83d3d43
SHA1: 0a896f3c00ae2e72750df460159219f1fe14d93f SHA256: 2cbc4fceec6ed084546d987a9da89e1f7beb3e5d2aed32945c05406e95a03378 SSDeep: 6:s/jF6EgWn2DtTNqaENqoZRqhEjcwNkoOFdaYiBd1nJnTDc1aOrA7eio4y+elI:EZtcNqaXqjIw4dard/TY1FrA7i4y8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\Passport[1].htm.RYK | 610 bytes |
MD5:
9617753f83fde7e471e751590df231a0
SHA1: ac1ad80b1576f025d41db1f235e2c4cf61d4adf4 SHA256: aab41ceaeecbf7976f322f1ac942801a0959999e282357ef5b0491915a1c4bb8 SSDeep: 12:ZvLhC0ZYcQG+nnJyMaZJNNOLG/Uk9YW0e71RbUe84BCtYMpK5aK9Ln:ZTM0ZYJG+na7H7M+06j84wGMpKEiL |
|
|
| C:\RyukReadMe.html | 627 bytes |
MD5:
f48be7d543fe213b04e143f0f3272d6c
SHA1: 836a25eda466ae4eaab43faed0ab8a2aee9938e7 SHA256: 3b89d4b0f9ece4e6638803e25a29ef1ad0525bd3c656e20c32d553dca54d557d SSDeep: 12:kJlzq5L/C2/eRez2/EbHeIH/GJHbr+OsKXUM:kJlWqmeRImiHzbM |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\postmessageRelay[1].htm.RYK | 786 bytes |
MD5:
d19aaa95a074546aa5717c83e2318819
SHA1: a65a9ec1b86c3d1598fa1d87e4463175fd8313d6 SHA256: 9a775b8cd34e74f7e7bb5a1028fcbecd669f0e0c45e289bee8f5862300760864 SSDeep: 24:IHaUd9nLj/IMczalQcKHwaL53pcLpocWwfjVx1:IHaqACJXaLQLpl17Vx1 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\index[1].htm.RYK | 45.97 KB |
MD5:
555804930e45297029a15b93103dab0d
SHA1: fcf8745ffd5422cb1a788358dc4cb79ca8a64408 SHA256: d958b09b24124d0f632b9101a6bdd039d853cb0fd302ced57af857c998202ee1 SSDeep: 768:kWsg2A/qX001szNHkcMrZZjuFSDG8DVbdGy8i4vmH9Y6V8YXRgxtOIf0bxapW2m:neACXRsO3j7KOVbIOUmH9Y6V8YXwxfY/ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\uid[1].htm.jpg.RYK.RYK | 2.83 KB |
MD5:
f4510e7fbceb3e600b24d2a6e57217c5
SHA1: fc40d96b147f290faf1a4edd1b58a6dc4b83e268 SHA256: b94e556f49968f6cb123787ae24725358965b11f02623946d07c7d874de58e09 SSDeep: 48:ww1Xoz8RRIHDGEOGmCAIhI2gIS+c5HneH6O4AyeAOJ8cLsezwsJviuVY:ww1XYec6BnIhIdIS+E7eAO3opILVY |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\26158[1].pngng.RYK.RYK | 48.36 KB |
MD5:
d553b06ac0cb1fe3a0e0d8185cbb3323
SHA1: 3792b5bfea4dacd292098197d30602990f10a6cc SHA256: a32b75f6478ee05b2288561e2cba103fd60dfb7da605616a48271fd45ec6d388 SSDeep: 1536:LShLGEVBmpWnufzLCM4ha7QNV1BxZe4c+t/:LShLprufzLJ4s7onsU/ |
|
|
| c:\programdata\microsoft\crypto\rsa\machinekeys\08e575673cce10c72090304839888e02_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 52 bytes |
MD5:
93a5aadeec082ffc1bca5aa27af70f52
SHA1: 47a92aee3ea4d1c1954ed4da9f86dd79d9277d31 SHA256: a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294 SSDeep: 3:/lE7L6N:+L6N |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.RYK | 75.94 KB |
MD5:
b4f79bbc7ae933358159f45898cab4b6
SHA1: 856730949d50d0f48a4e670716057a4727257970 SHA256: 66d348a1b9a0c8dab088952f32c9f0407b79d0d379d2347b571c6694490480d8 SSDeep: 1536:4S9lc3Ha2v7NLYnT3euKX1dMF8O6q4dLRsFa4RiYO:07v7NLs3e/X1U+LRqUX |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | 434 bytes |
MD5:
b3b84c42c0370c4f7840111cf40b6f1f
SHA1: 969c7d7dacacd0bbf9ddde4222715d7dc9e074a0 SHA256: 8e10057db875b2819af0ba0b708a5a9413574e1de020cf451a8533e94e2f6941 SSDeep: 12:4yvVyh9SurSkr6oZadFzKRcvThJcYOdyscKX9R4:4iyLBekr68adRKUT0Hdlz4 |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
49e51a83076d962d283d9eb4271987a6
SHA1: 0dca3b878be392a96fa0e6862ddab1ba326c0523 SHA256: 2c6886f3f4d5d50a0091e2de4eee10a65d7153e0df0939d6e883f05d19d5ef80 SSDeep: 1536:W8wN3ryVX10ynbV9fT4ZXoCfeE+GTY5lUESUNp1yXRD7HJVJc7:PA8X10QbP8XoGTmlUyp107HJY7 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | 135.49 KB |
MD5:
00f1179ec97cb4b8ccd7a509664304a3
SHA1: f01426f4196c0c6c07e5b657ebef3f9ba5d69144 SHA256: ca6bc26ae14afbcb9e6f6fd73b0471f1e0b89b8a0fcd1625711c5e8800ecf6f4 SSDeep: 3072:kq9eyCkzB43YBuaYPaP/0YMm1umsp1J7xtOJIywDkLuSNOqx:km1d43auniMmomsBFtgBKS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.RYK | 5.28 KB |
MD5:
cbb593ba1070628e00b0cf7235360b08
SHA1: 722dc506f7c5e8c9d1abf797bdc243fd9f991029 SHA256: c0e64a6addb7f89ba178ca377aa36742cdd5c4b18f079ae236249667fe845efa SSDeep: 96:cIPAfh2U7UQf3QASV7XXYQW5lnWHpO9HUOOJGYGbfFwu96Bst9qkRA:zPEwU7UYAAeXYvfnYp2cJGYGpa/ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | 34.56 KB |
MD5:
7fde72023dceebae31500eecc4294008
SHA1: 73c06f3f985ba082f99fc722bd000eb011b9828a SHA256: c150bcc1b17424e366a83dcb35da62d72245155a86416b30b83efec2467e88c3 SSDeep: 768:aNZJNWLK/PUvLnMm5WUwdvI9JX1zll1VbQCwyT1q:4hWLKEvhWUwd0R1zll1VbtxJq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | 1.42 KB |
MD5:
4fe627757cf36a28ece91b4d679cebf0
SHA1: 4b30210cfb7c0dcabef857057e3a34c24e45093b SHA256: 45a822129b41807f9bebb03b08031077dddb7813561dee89c2fb4ed5687b6485 SSDeep: 24:OKoMD0b/qW99ukfxDEGD/wBLEcnWrAkpth6SUMRHl4dMe9KAkwIkWWJzo:OVG0b/H9uYFEGjKLE/rrh3UWH8A04WJU |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | 64.94 KB |
MD5:
78f1358345bb7a72f3713971ca7c72a3
SHA1: c6f8ff7ff41988ec97d75e6c2b88addf477c4199 SHA256: 14ce307ddac9b396ed62d8a541e953299498ed87c1daf51d751206b02cc948c0 SSDeep: 1536:kWXieTWEd64Fr0NpekaBeNYOMDpai36Tw1zZF7R4Bt/WvdBqF:kWSeTbwErepescDpb36c1zwydYF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | 52.22 KB |
MD5:
0274b75d61446e17e6c1b93b75fcdd49
SHA1: 5cfabf7d40a8489331205a42bcf3770c40339c0d SHA256: 2ab7637c8b219b86e972cee4b6b296bb15dd846268c878dd02d26990ba1576a4 SSDeep: 1536:I/srcv5l4dah7jDqF9ugjw9T1kLFcAHjpn:5cxQgHDngjoZkZckl |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | 2.89 KB |
MD5:
7058e83a7d360ff14655d6e3ba74ed8c
SHA1: 7425ec2b46841226f936949cfcaf5d9d3aeed8ec SHA256: 3b20a5bfa8e6ed451245238b53275b7ec522e26d2895962fb4f87a6c173e9beb SSDeep: 48:jFi7lUwaKe16KliuObMBeJyY79nGDjvLg3qIE0mgoTBGx9V+CUvf369fCVWCiDf2:hi7lUwaKzBbMBecYMbz8mpTIdUaGWFT2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK | 1.15 MB |
MD5:
354e683c329e94cfa06d7de0ae4a6d93
SHA1: f3a92cba72ff93cc55fcabc56d41846a92700561 SHA256: 14d92d1aeef01c2be6c1f83647491a0e43c8ce2c48ddfcd20057224783324cf7 SSDeep: 24576:wAzvKS6LUC89rGRLju5XjuVqFz+j7VQEOAO5OiHR:KHUCDvE6VqwCEOAO4ix |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT.RYK | 106.55 KB |
MD5:
29396e88281de23da980d1bcc76658f7
SHA1: 36273608cea8d5eaf71a0dce1990ce589080a605 SHA256: 6c15591511c775bc7cdf35d791dc87a3d7ecc8e1e6984e78097c609312bf0579 SSDeep: 1536:bXYOrT8VOjk5uAqgp4mcbM+qCoa0jcdyGmtoa/7Kl2mrED3JnFLy87dOQgJVsQ7U:cOrgEjQ/Gbtt0AYGmWa/+lQn4uQH7Ud |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bamyKU.jpg.RYK | 71.94 KB |
MD5:
d036a10c6f77a2722719383dcbdb5689
SHA1: 9a811a0d53a32e3356cae42a73d3ef0ce2ce68b1 SHA256: ac92b8b34e7becd3570a61d1dc59875da9d987c509a21a7bdf68b9e6b99c7987 SSDeep: 1536:ipjDvmD6MXj1VDx+KC70reHp/f805L87NXw+R/4d/qXNDDswuU1ykn:EjbS6qmCeHpXZZ87NJkqXNDDsY1yM |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.RYK | 1.02 KB |
MD5:
8b06a8e8884826674765b8fda967ca46
SHA1: df7cd0ed8959847b3a6521d9c703294aa352f1b2 SHA256: 824096793a04f8533bdcb41d99ab712443580c34a077483fa588913a946e766e SSDeep: 24:oUvy+hG74ujT2onOH3TdlZXm2+xjt25yYOeY1SfYunDX7D98tF:p76jSono3pzR+6gb1SfYunnKF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat.RYK | 16.28 KB |
MD5:
0e7a4d3aa8ffb2f7180c6d097c7ed194
SHA1: fbe0dec08514f21689ba1d0a8319e82450c13081 SHA256: bf14b8edcade8463e418853c1c8934feff385f96166cbf735d1d82871f1c72e1 SSDeep: 384:v1yNcnbCFeu4x/gBfKl2oVMvzRC/Q+obYm+kUI:M8OFcCfC2m8FYQ+A/+C |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-a7SmuxhmwT.doc.RYK | 83.03 KB |
MD5:
a03aa1dbdf4ad79e1c24c634b71ef217
SHA1: 12ba77b7db5d3e2f32a2ea1ce544f5d39f7a2760 SHA256: b4c3d3f6776d0b6d146b46ed1f908c63712fb7fd1b59ef708d0934409290e886 SSDeep: 1536:EowqcNYQPz7l7rddPjnLkLHQtcprUtfiaZuWkPEKnr6YekjdX2y96wNqZy2Yat87:uEQb7lPdFs7CWUVhQE4r6YdtVFNb2Yaa |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Pt6EdEMYkXGVOlL.wav.RYK | 73.36 KB |
MD5:
41cff4551060ec97fcef309da4848824
SHA1: 2e1a0e97ba901b13d41ef3cb87a0bde1a418c3bc SHA256: c3df6174769326eab7f5cc97bdc0664a7682e4e63ec75495f95e73ca44495cab SSDeep: 1536:qUEhy9xGunLluoiRZOb8AJi/lWO/NF6ndxUOmrpKikU:qUEo9FuoSgbdi9VNFOD6NkU |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\poiRR3VU0BNb4H.mp4.RYK | 27.60 KB |
MD5:
9d1808ba9cc1225466468e650cff09d5
SHA1: 7070dad11833649dc418a5b1ce89b0be9c44a146 SHA256: 9590f1b3037114529a9e07b59ac551e1d498261b89fc2bb6749f73331da4577f SSDeep: 768:WbwKxUH0jB+PMKBw01KmM3wnR2RTaFvi8:WbwEUUWBwtmM3wR4aN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\IrsixE.wav.RYK | 88.72 KB |
MD5:
a683a82fa02a7c21b84c89f9d4a2cc8b
SHA1: ceba945efab4df1c3f0a309156f96250cf0c48b7 SHA256: 84f217320eb8bfc67149e29aff9791cf8dbad2a17d471d7d1206dda988892eaf SSDeep: 1536:64L470f21PXzJHSkTQLsylclKb2XN7hPM6ZIU/RAkFX1wXvzQjiFwNiMgU:/U70O1rJ1cLsGeKb2bPMgIUJLFSXvzvE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\GFXDbgy2_p.mp3.RYK | 50.42 KB |
MD5:
f96346f11fe377f9ec6111f7330d6f94
SHA1: 2bf8c883547389fe5eeba17acd23a8997b193068 SHA256: 4b73fe615ac232304b57d9622268df817f282cd308dd8e7d38c332063a2c5287 SSDeep: 1536:9rM5gcDtHvo7+EnQSpI7ThemoRPM20OY73FWWot:lk11voC39k9AnQWot |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\d5RHPi.m4a.RYK | 8.24 KB |
MD5:
f2dd4d4fdfddf2e1a8f2fcfa600fe252
SHA1: 35a56191fafd7ab7f7fe28ae2496969b82f57897 SHA256: 24e99445bf1669d1afd3dd43f04fb40a52f70fc8b6e8991beeefc7ff4322039c SSDeep: 192:LUM1s6BpvWaoINPzjt3rnAyWTnIGp7mhcpaTzGDN:LUM1s6DvWxUTroycpaODN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8Vk8gt GR.mp3.RYK | 77.69 KB |
MD5:
5442101801cad3c3408308f60b439295
SHA1: ec8e01732065abec77ed40b9fbc24e3c953ec2bf SHA256: c7b8f627e90c436370232769ae9668f8184eea8e7bd7e7f7fb4dcf1949507fc1 SSDeep: 1536:FzUiu5nVSHI9IBtsbvlndwki5UYLd5fCmHs2JumYp1oS8EKZRPVxoJ:FzHEVSoRbvln2v5UY5i2PEoSP0VxoJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Dxiox.jpg.RYK | 64.94 KB |
MD5:
ba5257fe3051c70d54e17bbb0f45ef80
SHA1: 8afff117eece0a866f08a830d9a62443196620f0 SHA256: 8a43162b1ff5cf7fc1c526cda5aa94d4dd9daf1cb4fe0c863e758897b36a4e35 SSDeep: 1536:2cDF2BMR5Ahwdum80kCayf+uEZcfm8aEu4De9GWIYhNOG:2oF2LhRmsC7qMIEqND |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Egfaspk KdC.doc.RYK | 83.52 KB |
MD5:
0bfd08a124e6c027e80f8353f7747bd7
SHA1: 9fddc9d7fb5f9a169bdc50873f6374318355e200 SHA256: 6500195f5cb60bdaf5f5ab2cb86482f200e7549ef06a7d29b42d40bcb8d1d632 SSDeep: 1536:Wmj4rJI6+MVpkpPxR+uNOv2rMmZ5LT5zlLjeB2SSleosV1+3c5s3Fdt3O:Wmj4dI6+wkfv0e/vxpLjFIo8oM5U/5O |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat.RYK | 32.28 KB |
MD5:
1cb3b2a99862685e2727e771a386c036
SHA1: 049b208adbb9a3ea19013cdcc81ac080258e1ee3 SHA256: 6ab7343ee8a1556d1bc683677ff3345a55ae27dd86b9a8eee5068452e5b98920 SSDeep: 768:9zwalpObfC7sXTMLYbN7U0MhoeWDr8/OXH7PCLgW3Dchigf:e2Ob67sDMLYN7U0MyFv8/wCBD8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | 434 bytes |
MD5:
d344f81c9b4a3a972b3b32592d173633
SHA1: 8a70116ba97858c308e4b7793d4c1148b377bb4f SHA256: f3274421268fcbbc3476fde1bc0bc691977d17e73e5db9bcd69fa51176bf7292 SSDeep: 12:VVmzHAj6qm3o2UCTfNuHf0pyP84knMLE+iimdiq0dPmZ:d+k2UQf8LxsMLiimdJ0sZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | 434 bytes |
MD5:
cef82babd7908625c14d75d3d205e90f
SHA1: 79115c4d94554a1f806739c9fcc20f94c6ff7078 SHA256: a5ee3471f9d96f6fe96bcd0febd6c9acb57e8e9b4413627ab3c915185dcc4501 SSDeep: 12:QIdzmJ9q8+iFyVdSz6hcYqyKy3+VwcQT0TiIanGD5APLb:QIdSJgdSzwwyAI0mIaGNi |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_8Uk6OzF5I.wav.RYK | 69.50 KB |
MD5:
9526790f2996ee6ae3869ff85b7df1a8
SHA1: 6243a4305e55d8a169e5d5e571860de4ab7a8244 SHA256: 84933ff27dd76edf7cfc6135d08975d0512d7e7e78d986eebedc9d9e60364581 SSDeep: 1536:ZzaCZC9wk8FrwiJ0CtBjQNDNEzRJizV+Yfaq/dFiI/5zXab8fzr:NjZ4bnSEgRJiz4YFx/5Lab8fzr |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JYIc.avi.RYK | 85.06 KB |
MD5:
3f7eebc66b02e422628c0a15500d8a7d
SHA1: 9df519c56372fdf6ad76fe52859f7e16a2673493 SHA256: 7d524012620794532a704b380d33558377a85b7526e48cba076b59e962d9ed7c SSDeep: 1536:4XPMWc0BNPMy7zTru3T8qHL8OlUe9tUNCJmykCLQPDqotcoOI8O1CczVqu:4pc0jMcEmOXUCJWr+otOI8WnzVL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FFXb5Q.flv.RYK | 100.16 KB |
MD5:
aedb2da68400c62ac6841ba05bcb7ef9
SHA1: eac0f45907c32ca4261d42a03b064fd557363a70 SHA256: 7ca8a0fde5ad2da75d50561d2e54399996a71e6b610e5225d23af9781ab2bd9e SSDeep: 1536:B9xSvI8lgZNBLhuie9mUWLFWzCElvdQ2QV4m22e9YdRhPCEJ2RXOL+GRTTGAUQkt:7xSvt6Zh0aLZE3Q0YdRdC62ReL+GR/vE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\t3oT7y2.gif.RYK | 71.50 KB |
MD5:
c806ba48786e0b5a2092546a7875af2f
SHA1: 6860098f31bb7181e30b2be63f4adba1775d9a1e SHA256: 4e201105c69c816cb3f90208341ded1a4c52f9cfcc01b69476c078841f7fe457 SSDeep: 1536:08hU2aZ8X/Nk9YE/DhnrfMviKAaz1vPDPhWJwtEOyUnyAtAo9C:08lNqV/Dhnrf81z1DhnVJnyg0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xSxhLvKszJn.png.RYK | 22.13 KB |
MD5:
edbc4f4af549eedac55ab99dd5934358
SHA1: f17a1899c77f4aa5abb0e4804feddfdb8b8042b9 SHA256: 4c126096d92cfb7c1587e42950cac606ace6fbdcf6ef1e6c0f2856e11b271766 SSDeep: 384:NhIOzKLwiyOZAPVMLP5uGxSVVzA91UGV4yuaYCh+r9FjEIUxi6NsxgZLSofBC0k8:Nh/UyOiPVU5rsNAjW9FEIUgsKgtSoE/8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\hA1ampWxCrELO.wav.RYK | 66.78 KB |
MD5:
51248c644338308ccd34f90de7eac068
SHA1: b19594270cda8d3182d80af3e68ee6e5717528f2 SHA256: b41ccfb0c9b3b1d6516ed5fae96a762a6519db8c97763e9bc6357fa1b4c9c88c SSDeep: 1536:lgVkrCYJbjfAAZtjaNtPZVX5QOTV7Zul5Dv:lgVk2YJfIAZtGtPdVrul5D |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK | 6.78 KB |
MD5:
3841ac1af30b92d8c61fb95aaaaebc55
SHA1: 431ad71134ec70b00e3c5d3c1a5682938821d901 SHA256: a35cd7d15fd4d7e7b5f92073e4e051884a70df8ace59fe9cbb0809de72e75071 SSDeep: 192:YplOVcu70XuFNS1r4HBqIe7/vCbQp2poRvoggDj+DbFlX:VoXu3S1uqN7XCtHuDhlX |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat.RYK | 32.28 KB |
MD5:
c28d85c073da6196c33b11cb6ffaad4e
SHA1: e5a0d635bac698092e329c3ae1454edf743556ca SHA256: f57d477f5604782edc5f91e9c9f4d9433693b9bc8ac2197d3414c0a0607ed10e SSDeep: 768:DYSvfxXWgGU+j3vf9jFNpbillOXTqfmUrT2e:USknTHVMu8bie |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | 354 bytes |
MD5:
a215f91697ac44446518b66170584f41
SHA1: 75b941cd3b4a666c52a998d16817642c919f65d3 SHA256: 112f6b3b0e0a2a68639480bc1c4b97a9f39c55e29ef0410b3b73fffa17f90456 SSDeep: 6:idlxu4oyqguxfUzijXgn1c3l2SvDgFJPsxOeSwnKSrm1MbJwP4KiUYYI0Xa:idju2/MfmV23dvDeJPsdxKSNbG4KitF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT.RYK | 240.49 KB |
MD5:
6083b915cb81055dc3cdbc881a4116c1
SHA1: 60c8c894281505040f7b67bd155755fbfcde2e1d SHA256: e8db6d2b0e4bf23c7bd00826da78b717ce436fbc23b131e15a523744c5a578d2 SSDeep: 6144:UbrkdqwySj/+DqT19WnUwFHlAZl75UVPn+964JAfRCtuM:Ub7w5j/VsVHlATIG9642Ctl |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK | 16.28 KB |
MD5:
1ce375a3571e903b101c013f824cfd79
SHA1: c051e3eb9e46a5717cdaad98dbfa0b967ee9a4a1 SHA256: b7ebf478ca7bcbe4e6f330d9c4db804a7092b6ae70a0bea497ae952677dbc97d SSDeep: 384:o58fuPprB9V+sKq7gPbba18Gz3n6/Smt7NHhLAqFoCLg0I9:o5suPpt9VT70S1z3yNjWeNW |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf.RYK | 1.38 KB |
MD5:
6ec9ccd5da5bb15c8b86bc3450f109b9
SHA1: 35af8f2363c1bf97284e19b2f51918518924f4e3 SHA256: f7cbc1c4a25dd4f8c648267dd3f7ce83b2b9c299637584409e30df115f21b1db SSDeep: 24:TWWAfQ/3MdJjlqdBzcQHTPr7ZKmdlU14TMq6RAoM7wGUJhO3/dNw5H9QV3XWxW:TWfQ/K3qzdLrAmdlU+/oMl2sPdNsd4WQ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK | 12.21 KB |
MD5:
e7a24c19ee6d1db0b9f15415d8189dab
SHA1: fbffb5068164993ebcd5f8bb9529c849b2e65c11 SHA256: 6775fcc2f816bb780a0b1ed8e97aedc124850faea03a64207d83bf52274da8dd SSDeep: 192:IzsTqmpd485csRc23vIOFzTljsGNjog1ZF9xIsljy2eTO9AqwcvasyDfXVxN4GKZ:Ija6qwC9jJjFF9xImjGTozasyDWXn/L1 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK | 68.38 KB |
MD5:
604b0001d7119a7cacc3b846b1db8215
SHA1: f9389ccda88f43c8a3c7d56ecf2e05bf8900f90e SHA256: 5d644758d3e690be9767b641ebe93ae04553b047341627e057942e5b1883517a SSDeep: 1536:umks20f3E351pcpEGFxG6m+mWMOdz5kmJThl1hDjviWi15Fxx2Sqiv:uZs2g1ZmpOtJThljzihz2Ev |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat.RYK | 125.28 KB |
MD5:
c37b158b5e9d2faedce2d3dd327fa601
SHA1: c22cc04ba664c645860fc1ddb1aa3d286ecbcce4 SHA256: 0c0b76a9c963f357fa4e2e889e7245b511626cb0503fbd42181bf5a9042fec9c SSDeep: 3072:HAkFYKLd8Mt1K0xsOuajbSiH1JjML/C69zfvQIMvFQwcn:gkFYKB8Mt1K0+1ajOo11MjC69rv1MSF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK | 12.19 KB |
MD5:
9335ed1999750868694a7ad25a9e037d
SHA1: 95a8f761914d12145760db570db63c5e26dc160d SHA256: 181a695f29dc1bf51b736de6ea7801b60fc818bac3371d022a748d4040c6354a SSDeep: 384:ZEyYCi8V1uh9elu/USQKIH5ldfvCpUYtiuqC:yCdakS9ajfvCpUYhN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi.RYK | 466 bytes |
MD5:
34bdd746a861882b168a5ef0fa8fb9ff
SHA1: 9028b9fc5d3dd732c01db99cf284195e0ac67e9a SHA256: e612ed6bd8c37b624fe9bcd5dd3f3691460c1dfd4c4f9f83f9eca98215ac8a3a SSDeep: 12:wFiW8gThSlfl8vJBlSWDQxdXacMln/XVefJP1HxSFF:q78gY7QJBvsxVaTXVexSP |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat.RYK | 99.50 KB |
MD5:
b2a69aff8d96cc650b80588cf9732953
SHA1: 36ec2385527fb042bd587b73d49e450374b07e21 SHA256: 9e20dfffeb921a8199a60f30544c1492192c122c5de2974fe3eab43fee7fcbe7 SSDeep: 3072:zo2iW9KbjCCaaMYiPX5vbOuloXm08LoFU4GqqD:DNKbJaYiPpvUXm0tGqqD |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk.RYK | 8.28 KB |
MD5:
d39d43e4661e1ede207b426bf1044924
SHA1: 18d4988490aeec64ecc9a55310d99e5e2366d4e3 SHA256: 273f63ccfc33f0f6c10554715160505256a795353cc2c56144a1627910814293 SSDeep: 192:56zhihyV0o8DDcdXil0LMx8FqonYkv7a2tUlhziw9m9:0zhi3o8cdbLMSFqsYkruziw9m9 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK | 546 bytes |
MD5:
69da63a829b2abc323dca949fda15302
SHA1: 3b0eaef0091c2104321a65926d3fc864e4bf4945 SHA256: 89bc82b26b7abd2c4c90b485846ecdc48a5ff6f3ea11a2cfcd161914131344c0 SSDeep: 12:CMpiwfRWTLUUHJFvEwmUDH+WeKhx0GsIAkQhHJn:LiCQpFvEwmUD+WeKhxe1hHJn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK | 2.00 MB |
MD5:
e7c6a135392dd7181ace9e9789886bf5
SHA1: e5fdc535c815c8323f150eedf39f39fe8ca303e0 SHA256: 399373140945fb17ee8a04d304cd993966e27f0018d4aab4850385d6b002d573 SSDeep: 49152:bk3+GAVYkTND2Feag4J7O6eBt4zSqJiJyG:bxBNDdQODrqs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.XML.RYK | 10.22 KB |
MD5:
d528ed59a75ce072977ea64496387531
SHA1: 75c82499d6ca62399b78db79b9e77039c6e5f069 SHA256: 90e41c59f173a6a6219877a383a79c19730263beca1f01ff5cb2b7a42d56808c SSDeep: 192:5EXFDPgRkoU63D0TF2mb4RcaOBwN3btXX38xJ/5b72Wnko8ONyLCRTM4XBHZ3:5EdY3D0T8mb4tmsnsj/94oxsC9 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.DTD.RYK | 786 bytes |
MD5:
5332e13525d76db8d68de819f1357ada
SHA1: 6482af3ced7e374fe207ef3baa8701e6072d222b SHA256: ca39e2e1cf0e07c7c2168470d4c9c2e00d05c2fb8ed2967897f6354b430d522c SSDeep: 24:yIYQ3GoMI5oHbKRj4vIIKcd1aQ1TvCIl83XhoxQ:yIYXoh5kbs8vI3cd17CcSh4Q |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | 434 bytes |
MD5:
ffdb47cbf1fc813bdd4149ead249097c
SHA1: 3cbbb441eb445f04a987b5da97cb999f4d359246 SHA256: e6d0aa8f82d6e564f5b800837fa3e81ea30dca44990c563adb7c38ac1baf7125 SSDeep: 12:j9Cfc2uqVv5ZrCesVYFfUSNKFSpb89MXa1:XXqVPfsVQdNESha |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Settings.ini.RYK | 370 bytes |
MD5:
74680e8424cebbfaea1b7abd596ee950
SHA1: 37681c81c72f132f2c2852e8e5ce3c8a6cad028a SHA256: 04ea02ecee27e5ae9142908c3a19cea743e82d518fb6bef6637c74bb744350e0 SSDeep: 6:ycnLzIzX19U9PO39n1KkKTxFmxSMPq1qNODXHm7crE/B8Qoo4p+Hk3NBO6DD6P/+:ycnv4fUVO39nsxx8xSOO/Lm7ItQoo4tn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK | 2.00 MB |
MD5:
948b8f3a689cfa667dcaa89d3850a9d3
SHA1: 0c8cc5111be4c8b1ba0c0366ba025cc13d2a1caf SHA256: 306dcdafde308810f73260573489b61c0a508c0c6987ff30952874eeaa7d6217 SSDeep: 49152:7Q1ZIZGOlsoP52+qMf9I9WO/kvVc8lMFtag:7pWowswWO/gJatR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat.RYK | 16.28 KB |
MD5:
70e006866ef68ae2c0342affe30c74de
SHA1: ed186ac6f2cb3adc948e10092e0130bb8b0d2fea SHA256: da43ec8daad65f40870579d5f31846140d91350cbb847393aed5373be66f9359 SSDeep: 384:3Acg1NRcM4qu8yQTAt8lVYV6w4UgLs2BY:wc6RkS0V/4U47K |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RWi77TEZNRMGP1 8C-Y.jpg.RYK | 93.33 KB |
MD5:
f2b7b60a2f5d1cdc9d8eb605afd69d6d
SHA1: 84c0a04fedf1d975c8fb9ff7df953b424f76fd8b SHA256: 8be52041cce6cfd45b284f34d307e80f11d4f6618254c585a483b63b62c06719 SSDeep: 1536:zYUV/Clj7MrMowJlhm3CYvY/OTrgGAlLVESmsDVNi9dCjn7/B12pe7QH+4Pw+nYy:zPEVKQlhGacgGQSENbrTPJQHN5F |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Qt84e7C8eLCYfMRCQN.swf.RYK | 81.21 KB |
MD5:
bb3c9c5f99798cbaa305474025ff8efc
SHA1: 04c8f928d7ba6410284055946bdffc16b16ec113 SHA256: fbc583fc031aac376e4d7f59fb46be6c0f4bde5777c7699532c500479c01c2bf SSDeep: 1536:t+PTTZZBW0+Bc0Xn7RxP3NQD40clZ+z3n8QOvcAEoglilEF2Pfsu:tB0+b7P1Q6kz38XcAEoHlsu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1q_7S _sJf7Tgt_vFyHJ.wav.RYK | 81.05 KB |
MD5:
e4b2250bf9acce753358898193236291
SHA1: 0e1299e2af34c11499823f593fff7a79feb20004 SHA256: 2b5718367ae07bc0068cde92ee10574a948dad8933d1493e69f5bfb164f0b8a4 SSDeep: 1536:DF2+GWM4C2/aDY84o4s9OQq3ZlCZu8FRr3Ys5Ovxs/mDZ8u5:R2+GWMC/Jo4s9r4lCZFZ3+VKq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tSQTBue_nr0Cv7YAUz.csv.RYK | 54.75 KB |
MD5:
41d5bec1f02e08c4c03407e36ff9339c
SHA1: 5dc881a0675f71561d19cf8dad669fea2f452da4 SHA256: 8586b6146e0a90fd029f8178e72c5826c900467f28fd5eb15ae1d61e1f798cc8 SSDeep: 1536:nLDYWDKHw5jlLrnSZirudpXxtXvDr+ubKYHTaskQgS8qO:YhOH0ia9JLZGskT/qO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_9vOSCvIM6yj_Fag.png.RYK | 5.14 KB |
MD5:
6274ad7d34392f4f07086b40e5eec827
SHA1: d8699e4e3f1b36f980fd124ff035a64b0bd33605 SHA256: 3ae797489f5376f2fa0e7016e15450de3318eda8ccf91378a09cd5b206e3cb13 SSDeep: 96:ckHlbMdvGM+dz78vZ8xa9ELjFfb6xfkHdciK5uaWOwKAklmyZwE5mVPRvGZ:ckJMdGM+d0vMa9e9b6x2chnnwKACx96E |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pzZGoFZ cjbZITKhSi.mp3.RYK | 23.46 KB |
MD5:
b1d70e6b4c00ac58e630471f76756520
SHA1: 0faeed7743a5198b78e348b3fb3bcf0a73e87fb6 SHA256: fedb7b62acb08285264662835234c6f6fba467889796fcfaca3b84477ecbe5ea SSDeep: 384:4a8AhQeuTUZQGKy+OjVJwxH/Lw/em3xNf5Y70m4wTOMtaN5+4vCsLFHs:P8AyiZlNVJwxkZBHYQc1AN5JM |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Q3n_NxKh6qQDrqPXiJ.gif.RYK | 17.06 KB |
MD5:
27e0b6db4da9ee5a39466f0bf2afa855
SHA1: 40f3d037f062d17c6f66c1f339cbeda746d0328f SHA256: 344fd1ce90f2916ca7643cf070afcd5d5d3378f7329b2f64e5b979f35405458b SSDeep: 384:L6GR8AcfBa0S7fX259FdXSyMPfLIX/zhGNeRnon4o9nl34iEcU:NjL3f25JMP+FGNeGj9I |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | 354 bytes |
MD5:
6014972e261f16debbd54e3af9396aa8
SHA1: 37870426a9198fa2ca52f883d7cfd0453f2db9c7 SHA256: 03cf6b399730376ed2a203811eb6511898cf61db2cc8f4d1b67eebad39b0894f SSDeep: 6:6waFL/E2lqMvUr30u/m0csEn1SPBi9W+l6HPuXnGl21ld5u8EeX/f74vWvGLqCB:eFzE4qMvUD04m0REYul6HwFU8EeX7DGl |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | 354 bytes |
MD5:
e23be30beb3c57386a095df96c405805
SHA1: 817a05da3326a0df5abb9ccadd502fe68d7d1ab9 SHA256: 0c32049b3675d377eaf0bf06b5c2d511111d7e71f04526001d0d102cf9061c4a SSDeep: 6:eblWuqBnFdV4mjBPb+EiS/zOW1GCLhAbk45Qii9OD6krS/x5c+3CDeLt4e:El+BnFvPFjLiCKW1lLSA2Wk+55cYCDeD |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | 354 bytes |
MD5:
c0749aa079cbc93315549a6600194491
SHA1: 5d4b42e5dbfd1760fc258a49d6c449334b7e0819 SHA256: e2de956019c1f4c179af0533349aec64f18e324af3f737e11753e9a49906f188 SSDeep: 6:wqN/FEVoWH9ofldGNGi9KTQ8zMJdIL8KIR65zw87QKzk9BRACFH3xCreUq7n:TJFEVLGldGt9KlOZKIR65lk9FFmdyn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.RYK | 28.28 KB |
MD5:
a695031aab39158d599e06d5add1bbff
SHA1: 3818bdcfae87809b07efc09650d2bbc7569177b6 SHA256: ae545b75cd932b562c9ba876d637f1652f433923761aa0d5784cee691533d15d SSDeep: 768:RczxHkex/lRAC55cYWKtvJoM8bq9OmlLK/cuBCAb3T:RclHkg9RujKlybeOgLK1w+3T |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK | 16.28 KB |
MD5:
b4513bab3d7f3184a8e1c492bcc13b98
SHA1: f6e0bd0b1612544adb60dc52bbdebb057bb9f920 SHA256: c8160f21213673ea49f3dcbdd5144a5c38a3a0c019ce8b10542b669516771a87 SSDeep: 384:0XwQM/zOkXFpIzXnodp5SRznMKbnk+0FQiVpcd6B05PfYOG:qwQMLOk1pIzXn4nS1nk+/GcdA05jG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\index.dat.RYK | 32.28 KB |
MD5:
3f00cc5cddbe4cd74267903e861be0cb
SHA1: 6c6ea60962792e808bc01c21c8b6fb6ab50c15fb SHA256: 0f1b354436b2376fc5155baaf2102bb8e57567dbd6aa792fe4ada46bcdcb4abd SSDeep: 768:JYTin82lLao0HEv1L6s6m3JlacHIUSACLzxfNpFmCZegBRjF:Js32JaDHEdLTxIUSRJFm1aBF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.wav.RYK.RYK | 354 bytes |
MD5:
8f8bc5be915caf4eae7df7621ba48b15
SHA1: d0c3fed7d3ccb9858d941d738e1acfe98e7df05d SHA256: 1bb5a691276c778a65d217cb71e5da456028d10f7c51d500e1051bf16f313f19 SSDeep: 6:Q30LOaB4lJFNTSp3WNCLxd2j1BVU7WE2PWMn/GMeBi+CJKNDzVh2FJx:Q0OaB4lJFNTuWNCLyjTVU7hZ2GMeBiT/ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | 354 bytes |
MD5:
5da8231ff87b7b933f7616557f840186
SHA1: 8888c932c75599aef7a2e6d8b04719903fb5b0ef SHA256: 45d85bc09af54075e596ee75794aa7338b04ddd72c27688a7e1c7e23ca3f641e SSDeep: 6:9eeTZS+k5pLEZ0BbMJ9uORWJY77UBH9Jlu7YAfR8BUIwKB/nMpHhh7EIZU1td4G3:9BTZ63L1B5ORrvYdJlu7BZ8b+HhhAIZO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | 354 bytes |
MD5:
324d3ac6a593c5fccdfe41b4f60f8015
SHA1: 31f8303456b1acaa48cac26a413bbfc4218c6e3f SHA256: 9df387a09bd650736e39c0c0df08e81edea9d1eb32c60aaa72f038a5302d6692 SSDeep: 6:Sifn47nJLwiy3+cA/OSXa96c6J/PIAhX883vPt1LSNwwOVMrJU7UxUd7saGjubzK:SXwipZ/OgFR/wy7ldSNVOVMtWOaOUzK |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat.RYK | 32.28 KB |
MD5:
76f408f7ad3b6aed078032327cdaf400
SHA1: fb7980996d66b2af0ecc353aca9a6660dc9aff8d SHA256: 126ce1e6aee4aeeccaae1963affc9d6e58c5cdbdf482b3fc92ec54558f87ce51 SSDeep: 768:F4wo3W8szlXETIsHhmpSqRTlPyOzlXwCX:a3W8o6PczhPyOzlXwu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat.RYK | 9.27 KB |
MD5:
eefa2852d6c0944fa47289fbb539d9f8
SHA1: 005fcb59c73f727789a58fa74e5768183f4b045e SHA256: d2f8b6402c171b81658e0bca89b19735c7cdbb9df6370765f4cc0ee7083e93e4 SSDeep: 192:1jOINkRXiPpmy0KVY/tpT5FAF3c1HJ3Ku3XqCQyXk0RjgGl1hS5R:sXixv1OvapQtKcq5yNFRS5R |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb.RYK | 1.02 MB |
MD5:
2ec7a6a13d77330a3f3f2b40c57d47fa
SHA1: 2c78682abe8b55f0b485be9407e0b6be75d145fe SHA256: 164e767aeaccd1a6fdc2de06e45b7d0d7be069b3d41ac37287d5a88b71d8d778 SSDeep: 24576:veBE6PS1ORJL/VKx7bT8etAJFX0T+ZrJQZRpdY/A3eGqVe1tUFUkX:vASORJDVKx7ceuJFX0TA1QZjdY/nA1ub |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF.RYK | 402 bytes |
MD5:
cc889449509529cafef564d420ca462e
SHA1: 8e3d8496e434fb796c876c505da2418aaf1dee16 SHA256: 6c81e0ff674dbad83050015f7df7ddbc6ee39ea1898ebac449f297625c69d333 SSDeep: 12:U/JwX3/34xSEFdyQb4XyzZkBz4GY6VAtawuUtwn:U/43wxpCQBziyuwu+w |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD.RYK | 128.28 KB |
MD5:
5611613bd3bce771d9a230931875fbf8
SHA1: 89ec7fcba739f731b04cbc36b2d8749b7b4045c0 SHA256: c4482fe595f778dd6397722f5385576aa3a2afb567b32367b19b8970d518017e SSDeep: 3072:3Ufey5g1BIbCjq0uM358/k0htQa0KSZSXqBmVEOV0NaS/T0f:kfpIImBuM3gPQaxXqB+/VWxTi |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.pat.RYK | 16.28 KB |
MD5:
b208f9c0840fc298e6388d92ba8f734e
SHA1: 6f5ba9a2615045ad2325f2e4bdbc1aef6bf0858c SHA256: 33fd5dab5f4de8685aca877da430a565631567b9cca678bd8b041789a81d16c5 SSDeep: 384:KoXoyE+pTGquMWDPdZ/x1UQ5gz6c1YnTo7BGsUKHYaGx2wl0u6H:tvrpaBlDXxazknTGGzwQ2wab |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\edb00001.log.RYK | 2.00 MB |
MD5:
19b61f889867293ccbae7a5cdcb7559f
SHA1: e0c670c8216605aa3829aa5c5966f0121a5357db SHA256: 47f0cbc0191bba6b17bec40dea64c0c3f121b3ea4b6b062afe53105ffd6575e2 SSDeep: 49152:kkYpV1Fe0V8thGTBO+yFZoiMyx7Yutd2/3ju8O7p:kkYJeVtIrK7YufW368O7p |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg.RYK | 1.33 KB |
MD5:
e484500959ce2e190863d6758566068f
SHA1: ae071c01f11dfecf95411bbd4c39aa237a99246d SHA256: 84d673e4cd0b916dcb69e1b9df36e6bb3f810fa776c5c6ec8ef51572ad7890ca SSDeep: 24:oToafQAxlZ1pyGJRuzn4C3QxfmYYH98F12oQDVkM4rq8BNMfhfhcJ17g2UrDnPK:SxOGJJxfmYYHA1YpN8BNMJfhcHs2UPnS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.jpg.RYK | 7.61 KB |
MD5:
4026bbe42960a34885412f76600c6526
SHA1: cd233260320eebb954f88f4152e7e7d8c0aa037b SHA256: 106312137664942772c792b938c74b83e15c70a98c590a873e05d6d1f404830e SSDeep: 192:ZU7c3z5dmWRMBoWr28PSmmiM4WHw9Z0svs8XpdjwhE:W7+z5EWRuozWlmR4WHw9Zls8sE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | 930 bytes |
MD5:
dd6cd5deeea70f34e5bad60999590172
SHA1: e809750f864a69452bee8257f8c3c62870358eb8 SHA256: 713a34186fec040731a42a736f863b750f16fa113ee2d514e12b120eaa8bdb67 SSDeep: 24:WGPny7gFo3p5PX4W6IrfePERCdFpMLjQl7tLoSR8zAD:WGPy7cKf4Wpr7eF+nytLoSW6 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.jpg.RYK | 23.58 KB |
MD5:
0eb3556cd8ec0ff904dfbab462b86e31
SHA1: a7dfc285262b0f59c3615154e0260d4f0e43c1d7 SHA256: bac72c22e47390c6aa389aa0ec9a32fb2afffcddd4a074f8c51c3ae59d5a4d4f SSDeep: 384:WQFQZ44fRfDBI1pyQWo2Jy86HjALyM97RhwlcBFRkk32lbRTlhFr4qEOszFFnw6+:WKYbBxfo86HWn9pXRDGtXhV7Sh4+q |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg.RYK | 2.16 KB |
MD5:
bca9bca2852aaf179b28c20c491c86df
SHA1: eeb246c1d9aa7b85677ffbcc4ff8c536da7cadd8 SHA256: 6619a941a4a3fe55832b9dd431de3452367912681a4b2b372ed5f83bf3a93447 SSDeep: 48:vhhelWP4NvYTOhZWGsrU9wse9b31PK+BPYnWznCekVOCS/7:JhelWOYGZWNhBR30RnKnVft/7 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.jpg.RYK | 5.27 KB |
MD5:
d29e410b53d809bfe071e0dc2e774411
SHA1: f6fa8d88a0166a04e477578b0df7492cb05de900 SHA256: 317cc29f91ae6f7c3e4ef3483cd943484ae779667a58939042bd2d704069cd58 SSDeep: 96:ysikhea3dnceuwO92azBOvLO06Vq1/2sGvJfK9YeZ2dN6S18SqvMnbj8k+wdpI:ysi2xcIOcQszO032fvxKZ2nb8nvMsk+b |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\HandPrints.jpg.RYK | 4.39 KB |
MD5:
8ac2b51e341ebe7af48b2227d69fbfc3
SHA1: a12892c515d42e406567792d6d7a7fbe073ad089 SHA256: 3a4266a2742bdfd7d909a1750c6281d7affa0d845a6497202ac31a66fcbde72e SSDeep: 96:6idpsCALtwYCx70LdD5tQ0N4tGKxA9gFXcuu75h4DaZNIR3SwyD+7KKR:zwCApwzV0LnGO4tlxAqXcB7H4DVvGWR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.RYK | 6.50 KB |
MD5:
10d352ea0d81d1887ad95e1774c48fd1
SHA1: 50ada141f74d22c9f0329d1bcfd27efd23c7accb SHA256: 261f7eb30f2c9b48aed57fa270c7dbd4a8ae16bbec757113d8286ee48e8e3754 SSDeep: 96:S4V/tqe3Ys+yTToYqP8FXVj4Jai9GMCeQGGlaiMzIYXSAvL7z1TQ/yU0bDAUob0X:Z/tqe3Ys+y3o5WKh1hU0/hi0orn1bG5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.RYK | 10.60 KB |
MD5:
b8dd245c7138ff33febc96d8d5080180
SHA1: 4327fb313f2e861f978d7036e3ee39efc62d8cf9 SHA256: 43871d964fb9a8cdde3637c2b23e1e1543692d45a64a122a34d72e8513b839a5 SSDeep: 192:Rr/DYe75FQIBMSsCt/seTrkb5HwWjOUZRtapx82DYlEHM+iwNffereqDHBitnMQT:RTce+SsCtEakdHrihH82tHM+iwNffsel |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.RYK | 4.89 KB |
MD5:
93aa0814a1bb9db298609ada386e645d
SHA1: 4c62405ea11ab1e64300c5a561b9ee982ba5a979 SHA256: e6064b35adcc4d26046f25e3f0249f4161d4970943554f46d86d0f7b615546ad SSDeep: 96:V5IXXpI6I+8Kb31vC5LgqPYpTo3df3f631a6Eq3P:Vg5IoDhC1MpTo3da31IeP |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | 354 bytes |
MD5:
a5e7f3022c127075084aeb3cca262409
SHA1: f73cc3ffaf1de62174e4c0633d8d9032818601f1 SHA256: dbc986c7ebbc7b44a966500c29b4f5f0a19d5de7c62e12a83ef01de65b9170d7 SSDeep: 6:GdhlYH2AbvyS2J7gMRT0WU6EuVldRaY1dF5EbgsBX1OxB:y22AX2JkMJ0GrTdRaCdvE58B |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\index.dat.RYK | 32.28 KB |
MD5:
03b925a966753a3add33db104e69e420
SHA1: bf6058cf58b7410233e2c425293fa56eb80f4d5d SHA256: 2bfbfe88cb8fc91ff3db72793436f1e4a660e1a5a1076db43040163472f10354 SSDeep: 768:Ggn3ZlWBR0HSFQiDG8+hoajTR6qoCvN+5yazQSswV+FHuM8:GgnJlmRmS3GhoATICw5yaGwQB8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | 354 bytes |
MD5:
89dac97e1ee7bfce10f50b4eab508f1b
SHA1: bde9bff9cacc7f799b455beb5e6d5f87747cd0a4 SHA256: 0ed953377f76c316ade7ad2c1e58ded186700dbeb309da076f5182dd5093c7e8 SSDeep: 6:csa8uMhIf+ncgytALU3YbN95i4PukwnwrikDYCdivnZYCL:cs3vImcNL3YbNHukwwrP6ZYCL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore.RYK | 2.02 MB |
MD5:
e4853bb4e1571db121c0fcc345243721
SHA1: ee3ba813f2276ce62c89336c4c6d4af85af40fa2 SHA256: 0d98d9350b7a1c30c10c0e74c9ea13e34a9d6d40838486f7df6826b8b9cba941 SSDeep: 49152:voBVUVgpn59RZ6WDkd2KND6Pn+a4vAX5MyM0SIC:vw59RZ6t16n+f6GyMqC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini.RYK | 354 bytes |
MD5:
017efd3fb1de8ac4388ab0cf4978b28e
SHA1: 0a38ba24cf91736febcf46ced34ba4ef38313a3b SHA256: 790daa64035c2d08052db08f6a3f5b71f016288e5f8f603980994f085fe344ca SSDeep: 6:BuCxnYiemKxAzDU35B/uU8J2f6Q+MEu9Y+yMObnuFz2aVwXhC45iRmu:BttQxAzYfGvWgIO+yMUnS6aVwRC45Lu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini.RYK | 354 bytes |
MD5:
a0c779da5181dfb11775c6cf89eab612
SHA1: bcb0fa0baaecd6b4177241c84f79f33bc3958b5b SHA256: f510b7ff1071f884afc0edc66ed7e63f85e2986682ae7fbe4514fc53d75fe8c8 SSDeep: 6:J6B1MRVe2/byqFMOysJ+yrHJRfx3suvkM+sATqX9yNA8AuSemMVUpYFCp:J4W2UNEAHJRxBkM+sATqXI+X |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini.RYK | 354 bytes |
MD5:
e35bd10f326f4a6ded853f520fb18c52
SHA1: 018ce0e619f8305f945ea642775d722ae872beb6 SHA256: 23e88fe2a47a35248ed1d5b08deba0c6436bfa8405730e2ac4160fee81d584eb SSDeep: 6:Z7dX4gXC5pFW6bDXiXiK8LlatWaoudJP/UdBfvnSSNrnr/i3AVycG:kggp04mXGYb3/sfvSSNvi3AzG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini.RYK | 354 bytes |
MD5:
ba3bb2af4f93e2630d29db06584b373a
SHA1: 04b98c9e46698917d17fb2ec9327a9f488a9e364 SHA256: 291a1e8b5dd1d4d5880b1b0d41739af44baa29da2d05bad24e767d601bd5733f SSDeep: 6:lp1JCwJ9+nioNErHqXmjeptOqqpoJ4i5V5NoG1YcXKKQEvtA:b1T9+n2rHqWjS4qqpXY5Bn7QEv6 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\js[1].RYK | 1.22 KB |
MD5:
71d9e444d4068630fc951323a76c0a21
SHA1: 9ba3b22e97e67fe73e9c47fe59f526d28643944c SHA256: 47fe4233c5d006d7bf2ea9e933b64f7e3290e38eb8127e53d771856c2340fa44 SSDeep: 24:sHUCK0J0OWkIQQK3TsxTa+Abgiz89vSOhLMJkRi8YO2hADEGXHgYpl/nAa:uHjIPaeT8bgX9vAPQElMqa |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[3].RYK | 12.19 KB |
MD5:
0af6c132fa791e67697d5c13af701814
SHA1: 6c121efec5a6af209adbbb84ff2e02274912502a SHA256: 6649d4fc3621008873824d1928516cd52462543323e495655d3ab94fc23df022 SSDeep: 384:53xJozDj87GDpnIa0494W+7plJK/HlK30uKBPMuo0yu9n5mTcd:5Y07UpnIaSJKPlKUPMGyy5mTcd |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[2].RYK | 11.56 KB |
MD5:
10ed6becddd7a99ccf054a87c0868615
SHA1: fae1a1b5293f4b8d49d9b3dcd6693c88ea8707d8 SHA256: 8db2b84d22b3a0c282474a0cbdd2079ca29585045bd2cac7f71b9297f734ccb4 SSDeep: 192:KMGy8pPUWmYF/wxdeeuHfiW+249QLBKfRQ9AKdnRU2d4PNOjbRmMNz40UrPEU6Se:x8pMtxQeuaWS6LBURioG4PNEbpqEivqp |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\f[1].txt.RYK | 13.47 KB |
MD5:
c589b6663a80d18668636fc3eaf66f0b
SHA1: c4f14004339265cc9dff8b492bc72160c12f5af1 SHA256: 9f2af29f512a83f143ec4af285d5869a1a89fad7381f199127cac639294ea8b4 SSDeep: 192:l5XrcvvrmKmIqtDfYJGx842BtvRFxu4tjeuCEhfBbgZmID6AHJqbNxqa4q6X37:g3SKC9fYskbxuMoeLfMda9OL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[4].RYK | 11.69 KB |
MD5:
f181ecbb6f0375219197e01258522349
SHA1: e39faab4209023a61da56838f1c7b05ec2bbc43e SHA256: 684086782faa2eaca74c5d1d8cc251426faa709b90f53a68ce4a52870d5e3f05 SSDeep: 192:o3QneX0W6Pd87G7zicmnGVXqnh/vuTZjrx1F7G+9DXBuGo5yriRruMQcwI:o3QneXOPd8YOHuqhHuNjF7D9zBufBUI |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[1].RYK | 11.74 KB |
MD5:
e2faefffa626121917462a1c8d0c0d39
SHA1: aa56caf2a29e65e356ebd611393f77a457ea690e SHA256: b955c28e42040370232b43df0a8cd5cdae7bbf5d43c91301f3873c6e55413082 SSDeep: 192:NmxlRDxI310OSP9FXnStG6B/PUSQtt4CGNMuxYsqu4JrrLT/9JsiMSKdxuZA:NclRWpSFFV6B/HAteMMIrHwi+SW |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini.RYK | 354 bytes |
MD5:
64daf6573e54ba509fb45813af8bab16
SHA1: a38d98bd27e9ce3c74144f2a821ea6be73998dfc SHA256: 2b44a7414b33ede141bb7f610c174632240489d71c37a20bdb6a9a382aba6173 SSDeep: 6:AwX8zO4kRJEE4JQjn1Ue/jf4peggO6JSiS1GWtRNl+sD7drkW:hXyPkRuE4eBUeLgpZSZol7dn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\js[1].RYK | 1.47 KB |
MD5:
2fc231a99ca0fadd30b7468bd77f5768
SHA1: e9738c0a3dad8c26b57e1a3e335bd8c126b599b3 SHA256: 364ed7b28db529d73f4e29dd71f4b45af53333a608d9938c8dc2c95be928a33d SSDeep: 24:88fthx9V1mqo4TxhYGzQq7eif7vF2Wgzq4E/VC7QTV1TAj/RvlgG0:88FxrogXzQq3+qpYcTV1Ullgp |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\js[2].RYK | 1.63 KB |
MD5:
05bf882767890846f6708d3c9ee6ddd2
SHA1: 628e93129c5c0de8efcf7bb2aab348e619977445 SHA256: b78d994aeed73002cd9c8d83e4fd8cc702321c096e67a9a423d39682fad736dc SSDeep: 48:G8Ik+P0Cdzd6tcTREKS3xnpaqvUNbo1a5A5:7IkXCd03tvUNbw5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\index.dat.RYK | 336.28 KB |
MD5:
1fb43130f05fe1a760e58524dbc9d3a4
SHA1: 74942eb79d5ccf5f823e74127621ae3daf456f33 SHA256: 71eecc03ec67156778a0b43d4ef8908dc69c1cae9aabe999bfdf3525d1d2a058 SSDeep: 6144:uT63bAT/BuBspxID5Z63AlA2i2oasXD8CdAf2+tqMey1awTXaNQRY2LVZu:uQ0T/BuBsTID5ZgAANasT8Cdup0MeObk |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\js[1].RYK | 1.46 KB |
MD5:
57300a6bad1e924f86ac79ae1db73339
SHA1: db1b04d16b68a6015a3d2b5528fe4b2cd1c395f7 SHA256: d295d58039045493879a4df0b737585339c5e659d60fa5ed9b1f352604420bfc SSDeep: 24:mP4TAX14lJxjP6PHVfJ+OJl4u19TNVLz5vCFq3Se8hT0/0BXR+MF4ATPYaW4C7nh:pAlFPH2C4uHxVLtaq3B8hT3BP4ATG4uh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\v2[1].RYK | 13.06 KB |
MD5:
f1eef902b5d4b9194f3395fd7be421f2
SHA1: 70b20f2e99b77f2628c6f3c3a758550863492585 SHA256: 1ef20a5849bed202828fb52772d3d890339f6eead3f204d689d3397b159f49b6 SSDeep: 384:ZGdo6EnU0tths2gbfhBBsRQZRMCQ1lF8Y:JtW75BBsbFF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\js[2].RYK | 1.22 KB |
MD5:
6e4bd84f820df6c41c6416e9a5a2480d
SHA1: 8ea2f08d027e3c74b0cd730b6bbaa956d7bddc57 SHA256: 25d8da206c4e9081e521ec1e47b6ae48b9e2388467e81128cb741e310b9d226a SSDeep: 24:USB+l3PNW+NNIzgj3VTjBy/84QBHzJKrFOYILGG+6DK25RFo6EtJ4VB7qmpRs:vUPXzV5y/BQqrFOY6+6DK25RFo6OibRs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.RYK | 28.28 KB |
MD5:
c204567a0a0629b199c906b7537920ae
SHA1: 4221df7be141877ab44e1d439c7b73e71da00bf5 SHA256: 5b5dabbfc7ee51af6dbeb29b8f48415ab24ce0478de9e1287a52e31f1d5efc9f SSDeep: 768:O5YmOWcSOLWKA+3zoGj01mwAPJV1eFpSI62mkz:OFOvSxKzzp01m/BeFAIv |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.RYK | 28.28 KB |
MD5:
736ad57e211c9aaf750de6f7d9f95033
SHA1: 1e147fe88c9eeb63638f57ba8546e524ce7ec0eb SHA256: ca99ea9195bb23dd026b008ca5e0212c439d3d9f14517df49e2d6729967273ae SSDeep: 768:EmMm8ZQaPDLAIeI2nInjeaL3HQVNRK2cGFmg:mm8poIe2CaKhR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\11_All_Pictures.wpl.RYK | 866 bytes |
MD5:
6dd51634a938e4af711e428b9c9c3495
SHA1: fac77434dd4df678f84e0e9cd3b10d632693d464 SHA256: 5d4e6d33dccfe1e8fc53d87db394eaf7c23b18f88d8cbfcb503110c4a00922af SSDeep: 24:EaO7Wf2wZioAz8ccv+N90YXHceD3WaGWSk:EaO7WvooKpuUHnT2WSk |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\12_All_Video.wpl.RYK | 1.33 KB |
MD5:
722dfbf85f07c0d25d6de237da2a9c66
SHA1: 4f9c455203dc3107a00abafc79a4b2bc7efda5fe SHA256: 69a6f6067b549768a784641e7edb98b064576262c32fd614850a872943648003 SSDeep: 24:UvRT2qOqUrY93WPJhuXtAdXHCLJyeVAtZrkBh/kpJz7DNMd998nvn:UtWqUrYZCd3CLJyUAtZh3DNMKn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl.RYK | 866 bytes |
MD5:
5f2835ab37dbf8267e265e3cbe8938d9
SHA1: 7ab6923e727279936dc573734a6553c3d6736c6d SHA256: cfdb3d948c6acb46e5f4a1c841fdda5bb5e68ebb5ab0e4e113e99777970588fe SSDeep: 24:4sRdWPOH5gK+TGeZuM8JWWO9i+XCKJ8n+xBiFzrLLeOu0dCXHYX:4UdWtRyeZujDhONNxMxypc64X |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl.RYK | 1.33 KB |
MD5:
4b4a39371697ad52d7c6de9414d355b3
SHA1: 22553e68463ebef0102e3068e3c7916474e89d25 SHA256: 02e06db7913dd5d702f39bfad6fe0697a0498bb54814ffb8af344575305f4c58 SSDeep: 24:ILUhR8sFqNpoWdbs+5NN3rGkyiBQZ0cL2oxgMMtycmdgnFLjjHAH21o20Z3:IFfNpnZs+5NN3hCco7ayqnFzHp1o20B |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\10_All_Music.wpl.RYK | 1.31 KB |
MD5:
1e88c5091312b3b42318f63358dac0ae
SHA1: 27f2e88d421a76453b780413a6caca71db77b883 SHA256: 0f59032179183ffbdc9218cefc26f419d9e5f62ddc0fd994780c673f503be74f SSDeep: 24:9SPnHzm/Zu2kQ3dN0M/4cE+IRX30JHDoN4er9UWCkOUCWROw3SjxyWn:9SPKDkQNNr/4cEdRX3KDo/WWCfcOcSNb |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl.RYK | 1.31 KB |
MD5:
66b3de3ada6c4bd321261a21ea5c378f
SHA1: 733482f5094de7df0fe01a51a14ce619cb2ee528 SHA256: 88ad931e9a3e73f23d09ec4b2211cd4dc8351664ce85bb401dc3310a5c58cd8a SSDeep: 24:fWN8XZlWCBwk/attTYzvvHv8XhCydflwNvzqUglM44/4fetegijikIuTD0DIQZ:kOYC295SHHvLydflszoNGsBBo5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml.RYK | 2.25 KB |
MD5:
772b363fcb6d56031d5d7173eddebcad
SHA1: 3655ac53a39b1929d096da009a361c78240d5c23 SHA256: ffd6dd6cdfe32ebec9b03a880f091752a89ce89e8dbbbd87d6db816e9ed16d1d SSDeep: 48:DBhfEFjTmcmqE5gv4dHzeBdDUuXu/EQJnYvYyGMbQNZOXJ5LZC7Y:NhsFjT6g4HoDUuS5nYRIAXJ+7Y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig.RYK | 418 bytes |
MD5:
16c7eebb3f5df9e9c2a42d548785f607
SHA1: 8d4a422a4f5e329533bf0d18bf091231123bcc5f SHA256: 5a8cf142bc08e27cf0940201bdac20f6309cf36a14c0d1814d5641391a7069c7 SSDeep: 6:Ii1jNB3Ue9VUwgQq2w3A4uzMs7BZyoLlVEjnMVED6U7MTGi0LtOMyazWk8weEBCO:JB3VVUL0w3D8ygSMV8slMyaPHbH |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStoreMusic.wpl.RYK.RYK | 2.02 MB |
MD5:
87c6722ddc726fe80446d0fc4c0abf9f
SHA1: 8f5da038f94dde1c3b57df55147d6b142db81599 SHA256: 54f45cdb513da4baa2e015c9785eb6f0f734e5076cc433d8a2b7408a7ecfc5e4 SSDeep: 49152:4dpIbxXW4RxWptIRH0XLi+h5QndxYMd0l7KTZXyYMEFTlSbMIhuw:4dpItNQwU2+hmn7q0tyU6bzuw |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.inideo.wpl.RYK.RYK | 354 bytes |
MD5:
eda42d86af495ea8334cafe549ab4851
SHA1: 7c15db8243ea9cb787ce055110c944987e72e2fd SHA256: 0803f99f38a42283d4f5f15ecc9d942590503ff650d59727ff348dd083d45a72 SSDeep: 6:vT15cEAjQ/faDUL8COsCCCx5cktcNHtYKUU5IjG0V8ANp+xLYM:vh5cEAIYsCCCptcVtFUJlE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini.RYK | 354 bytes |
MD5:
297738bb4c48f02f2f8b357aa0bf8179
SHA1: f449b3d23aed7f05c9f7093428d538cab706a094 SHA256: 8837b5246123bf429c434ed04c9f9a52fad7fd911e7c5848f789b3734b44b9a3 SSDeep: 6:LwjH2nl3ax5AsknmCpqo/VMD2LlszeOXfM7Wr2zzLM0GVdAw7k7uRqEeTPN:Lwz2awsumCkoSqLOZ07WqznM04Y73N |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.inideo.wpl.RYK.RYK | 354 bytes |
MD5:
d8376ac62fe4641be926b318e7f38829
SHA1: 3bbb79787c10d64d12bbde95c45904bfd8b5d848 SHA256: 4fed3e425e1b6c2cb316230e7d52f0106e8807ddfdb7fda11fb3f820e294a3a8 SSDeep: 6:y+S9QDQ0gHhTSghNXEa5k0exdmpPaDWvW3chQUq80gJKdhNcBUuDRhT/uJ70lFn:yJ9Q83HhTSkFEa5k0ex8oPG7JvyhNcBn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\meversion[1].RYK | 4.66 KB |
MD5:
7ef123112b8fea5d69ec6a1cf1182aa0
SHA1: 0553c34abb70a09b0c6a7c4780234bf301e89b9a SHA256: 46dbe0b641dabc80286371ca3c11aa09337c2340344d5ae5785216d3ca984967 SSDeep: 96:t2lkwWaYZVFjjfdimd6SUx3P+mRHXhTg/hgr9Z0w7RrqjuA7A:tikw6bPbUhLHXhTKCZZ0fjuA7A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.initaEvents.RYK.RYK | 354 bytes |
MD5:
34294a3af7ed9908e07d206b2d65f8b3
SHA1: e3949e4fe5e40c1fadb720ff52a7e01b8dc13b8c SHA256: df2d6d16a92547e945091373dfac572a03a15e4abe057942960e6455360367da SSDeep: 6:h1bar5fYaLjhn+KQc3CDIkuttD5a2SKNqr1+FvFAOcHcb+rvPNYvie9:hIYaULGIkEsFlnyzFne9 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\28-8f3193-f30905ea[1].RYK | 231.60 KB |
MD5:
dc2cfd907f8c3e70e23c0e3b55043637
SHA1: f6ae405d8316d8be0437c12df87b85eae382ff0f SHA256: f4be7dc0a11b276310e18b8e22edba6e10e3b6a9b008940d1124e741fcf6d796 SSDeep: 3072:ICDiDEh+bi+S/uHfn1zH8/n7NoSHsrvY8pPxliE6FGbUPjUAIp+PaXsPT7iB0yoY:bR+S/g17KNBsrxtx/aXj0+SX2yo2G/e |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\ie8[1].txt.RYK | 386 bytes |
MD5:
6d41d34dde98521aeaf0eb96605e1f61
SHA1: 3eba48f722e6fa58cf1734129b9878e5c6f6a627 SHA256: fd616e33d5ff87982397d2f5ab5e86fde69a0be49b7449a0958905eadc8800e1 SSDeep: 12:NrOYKaZF3bJPWpdzep7sxVt9/bhFSRr90:NrxZF3bJupdzeexVz/b2rO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA42EP9[1].png.RYK | 738 bytes |
MD5:
d74d6c165aed7567ffbbc45d7caee632
SHA1: 86fafee6e1f0d85e5ea710e1f7b3f9cc84cfd4c3 SHA256: 6c627a894dfbf2d2dd1f10386a55faa33baa4072ed296d52367fb15a6f8b4e5c SSDeep: 12:ttu200ccmnDN7WRku1MOe2SZAIiusuckRvvoaqYvlgwSaCKHnYvYdhERC3Pzy+:20c/Wf19e/Riu3YWqsCKYvCk2Pzx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BB6Ma4a[1].png.RYK | 674 bytes |
MD5:
7a0e97fc9b75008b23eb4c9ed4b20d62
SHA1: da3d3a9e9389162bb06e1bd74d7235adc9a4ebef SHA256: c8d85229f29ca34d3880d5bf3ba63c3822860f0ad28b0ec924d2eb6e34b36af5 SSDeep: 12:ptjFoK/QDft/rwrGwfw3A1utkJ0NYPUTwC4AQjuAGiZH14eI3DyrJxA1WAOhzMB9:pRR4/rwinw1FJxgwH7juwH14eUDyrsxv |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA3vOVA[1].png.RYK | 930 bytes |
MD5:
9321d6d5807c8b43b6a908fcb89b4a7f
SHA1: c6d83905dfc9c887aeaac28a11eb29d437a1e7ed SHA256: 40421cd5ec0dd27d0e04b39942508a3a6bd2260c9660b831a5694b819f48b7bf SSDeep: 12:fsf/85NF+ln1vxOJmA/aGiUVWRrNzaTu45vlFDQWDsCLbyyv7KekRuvFWDoqUV2:SOXC1tGuBaTuQ9GEsCLbyyv7wuvk1 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBC0rDa[2].jpg.RYK | 2.27 KB |
MD5:
93be5c207c34c1866713a1ffb97c8938
SHA1: a38b60a88f8db63c565b20231c5ef35ebaaea25c SHA256: e732abb0863505dafa9029bcbf4ea9a0c554be636fa915a60e920011a4afc277 SSDeep: 48:oKVyzjEiWofvdPsD2gQra3n3V/Wzcxc5i0NaVgFyFpVeGX:9VyzjvWAvd+2gQraWgS80N8JeI |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBDRbsH[1].jpg.RYK | 2.33 KB |
MD5:
1d63135c33e99402e10684e9686df65a
SHA1: 375f6c00f5e6f9dd5b880b51cb850a84f66c6e3b SHA256: d060b7c232ae90c559f465f8ced1b613ac2942ce95b08a11ec97dd8be2ff3613 SSDeep: 48:+sdRvggEdl/4280QuJmERAeOxb0Z+H3Bz5O47KXy6Ea6sU1dBrbgAUDC5:+Uvg9XQ2828ERjOxHNUy6E9sKRUU |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBVGsM[1].jpg.RYK | 7.88 KB |
MD5:
32c465420cf6c64f76af4ccca55c16b7
SHA1: 82513f6fc854b6458ec41ead2f1187384057b31b SHA256: 4fea8219de0fcff855e034b2e40a030c83f27ff29f048eed4c329845642fc796 SSDeep: 192:ALVxxrclTb+C0eTIC8MVt2coUm5t1sgvkWDXmc+Cu5+:ALVjyeHeTOMicoB5jiWNTs+ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBC0rDa[1].jpg.RYK | 6.41 KB |
MD5:
c9bbdb086355f577fddce4e19ae00113
SHA1: f7d8475a65cc5167efdf13929ee7270db31f56d4 SHA256: 513a0e20e90494d44a94355ea1335d424626dc3b304c7307b55a4510df4659fc SSDeep: 96:abjuMbhseEZmXFU6EOr0fAk3rWGhUVzgVaud4VbsB/0uQuv4:KiHe0uFjEa04IhUZ6OVe/0A4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BB1CcOi[1].png.RYK | 754 bytes |
MD5:
40e6ac20376319bbbe116b61d0421930
SHA1: 5e3dc0532d7570073c3386a71f36a811e8e9209b SHA256: 51b3d7ac09c057c49a8feb2d87a284c29a2967cbd30e51095d55a1d03cbd81c6 SSDeep: 12:07Ki/OKDrF7+9nA5EkqHpzGhZ2AOadyF2S5nZZBPCYtHx0zxyXm3cnsVQAHu7MC6:0eiRBOA63qhZ2ArdyF/tbtHsy4+uWMTf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdqEy[1].jpg.RYK | 1.92 KB |
MD5:
7bd4d4b211ad53c0f035968b059a2a5c
SHA1: b6834aaac7ebf01f206e924ed029afe075cd5fc6 SHA256: 619ae649e2dce70e518ca0c515841de235c53b000216afa0a5e137d5d0c71419 SSDeep: 48:juMxL7dNfExS5oxeUKV9F00ZahB5mhHQ9Oz6tV8Y1dRgL:6MxL7dNsxSOx9k00ZahB5mJJ+taY1dRa |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdtWw[1].jpg.RYK | 1.99 KB |
MD5:
e2880400ddbffff2895402aa9412e311
SHA1: 454f4ade857b4be1a89b0ad96047772a20eae702 SHA256: f9789808389928e4d724261e4bb408e88f4809d205daa8c25adbb9ee98247dc3 SSDeep: 48:NaJ2iruCFSi6B05VQhY3WyJ1Yik/eagfpPCJ3eYv0:8MiruCFSi6BCW7a1Y23MJ30 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdoQv[1].jpg.RYK | 2.64 KB |
MD5:
ec3fd9b073a552b57f61d8b833ec25a7
SHA1: efd55e14b24420ae120e664f0b54211823dcb0e4 SHA256: f21eeecaf93e1c42813d8cc05d5a686864b9af05c62303a4d88263e3aee6c611 SSDeep: 48:AmG8uOMnkIbKV/e2y8qf87sswvEoabh5dhIMcWPqH0GX2FYoZVqWVaCq:AWIs/I3f87ssruRWCH0pYoZVqWjq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA3e3XC[2].png.RYK | 594 bytes |
MD5:
6b1979e0911e631359d25bd406fdc31e
SHA1: c4a7f8c4e24475600a84df402b2783282b446b69 SHA256: 98fa3f1dc4d4ef42824addbdcd45b6b726aff6aaf1bf6bfbf16297036a51460c SSDeep: 12:04zB5w0D8ehUZuNFjYkGJEtlYDoicPh7xcWYb1KvJRpgKP:5B5BtBZoJKlYEi+JCWgGJXgKP |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBC0mlu[1].jpg.RYK | 1.56 KB |
MD5:
5eca9e3a99cb42b0e9f9810c80654539
SHA1: 9ae401d7d7b37e3a6bd7321f182b11d9ba8d50bf SHA256: 8e72f04a740ddcdfea946a10f8871a9221303fda4af6b60c9dae40fb97d18b8e SSDeep: 24:xru9vh2wF0q47cMo+lXBR0iHx4ET7LmK2EfCV0gaSMtX/gRlgNF8FF5LqWLqt:xs5Yq1MPHx4ET+Kz754jvnLqt |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBzxW1[1].jpg.RYK | 9.46 KB |
MD5:
83322ec6064740bb55a62d1f48556331
SHA1: ea1f3d02bde2644b9cbec355b9ce53c3be0c6c93 SHA256: 2b1a60c9bccaecb0f8e7a55f71c0309d8ac36ac0bbb12957818110fb70d76a6a SSDeep: 192:e2bJVggsZ2YLMF5/Y9winsnM2kB3TaJjyaTEYSrGbSDumj2:9bf6Z2YLig9LnsexatEY0uk2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\print[1].txtHEV1.DAT.RYK.RYK | 450 bytes |
MD5:
3b7e11b7dedbcdadfde78d028a1ed6b7
SHA1: b117bd96e50bb670a98b5925635640f939a0c06d SHA256: 5b69a6ca520565380eaebae9356aa8a0682301581a1cb3d3e102311d56b68bfd SSDeep: 12:X9tg3rh08qStujUPvWSaCHv5rMQGiIOkSX4U/qngo0K2:HC08/+SaCHv5rM+kViN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\th[1].jpg].jpg.RYK.RYK | 2.55 KB |
MD5:
1edd0739252fcbcadf3804d74347800c
SHA1: 4a628a49d26a9820efe21194ce32176efbe4344e SHA256: 63c39146f32f68589e76070015230a518609307c8377280cc665ec14539e44cc SSDeep: 48:FZLFIkP+8yKBigEWrJjwlnNAOG+2BmXHp7Log2Fnygo0x1gyi+ngM9004TN:FZxIkP+8yCj8+OBqmXp7LT0QyXgM9Po |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.inijpg.RYK.RYK | 354 bytes |
MD5:
f4012ca01e35fb22e97820909de114a6
SHA1: 879c9b10f4440951bbddf6930b473735a05622ef SHA256: 3550f753c5b08bc8d6bbd02794df35c04babcf7eb592a66d931de3eb38df9697 SSDeep: 6:D8nXgOfY7QIaFNam7IkHwdOn2P8AYoKZeoQiCEY1A8ox5ailxda80:DMgOYQIaym7RhnQosEY1A8clS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\adfscript[1]ng.RYK.RYK | 10.39 KB |
MD5:
4bb66762c344d7e8b943f06dd072ebd9
SHA1: e2e4dbc17c1e2de5e49f530e3fbb8b8fe2529ea7 SHA256: 638063a677aa88766d5645732cd8ac63faa3d7d5efb1bd6010c3a7c30993101f SSDeep: 192:cfdB+qI8R8vJHAAKoOR/XpLffPJykinUNu71EZJxQfj8qSw:MfPeR295HPJyeNu714YdSw |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\adfserve[1]png.RYK.RYK | 4.05 KB |
MD5:
b7a92f95ee17cc759260f5c92426dbe2
SHA1: 5b75e69477d44bbe5dede384ae1f949b4f9a3773 SHA256: d48b98ccb859102eea92cb7659596b94a84596c6cd5da324e79febc06c70090a SSDeep: 96:/sx02/Chs/mHBWsjtGK7QQAKY7KiMkNEoquAWR:/M02/ChsGBmMQQFMACxquAWR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\css[1].txt.RYK | 154.71 KB |
MD5:
c01c8dbc8faddf7d5c35f9b18a26e6ff
SHA1: 3a5786537b4fc813eb58b979c2fb47d3874a0571 SHA256: 055b836090593da42197702a9f170fc447f4107902dcf6a67ecabd2a1fa491a0 SSDeep: 3072:Dt3vG0LSlJ3x46RJknbnpW4/6suYbJnHjZCr2PQ2u60vbmjS5whtp9:BG0LyJ3x4gGP/xuYbJnHjMr2NAbQh5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adfscript[1]pg.RYK.RYK | 10.39 KB |
MD5:
9ad652de43ddec72bcb1ab91db0a9533
SHA1: 57a8e314258d5de03cb538300c9f3f574ec79637 SHA256: 070aa358a87001e9269f7bb7ee5ad536fa04a77a1c1cd02e88bf50745f465bfe SSDeep: 192:hOO3mIjczc0W++4JLVtE580MVZIYuiZ+AyKK0Crm5MOZnV:hF3mIS3LPeCIYN3lKEJZnV |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ga[1].js.RYK | 42.35 KB |
MD5:
ee9202da5b792b97b284273fbc1b796b
SHA1: b5af37536a13af1322883bdb0d2929dda07cc2dd SHA256: 673a0b22e2cb18366da3a92313c26ed8e74a188c5691f26d01692e0ca59ed96e SSDeep: 768:XNWDmE2vSjjYB4d3GcoUckn9DtuVfKaOSyF5ltguH44IK8xSDsq:XU86Gc+kvuCaOSyFKuH44AEoq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\528d82a2[1].js.RYK | 11.97 KB |
MD5:
053686ca0b3ac0f2966a07a4b86cb9ff
SHA1: 24c6c6fa9b05cea61c4b773ac828159b8c4f1a6a SHA256: 3e6c5dd5cf9318af9a5715c34ab02bebf40eab6a7cad65f7ddd61b6b7adbfc00 SSDeep: 192:pq8o5I9sx0IsNjXdmiKJ8mspWYo/414DWgh0zAhnF1JNW1fnocR0tXphAWeFzSc+:pTo69o2N78JXspWYo/GFUFNNgwB8Wekh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[2].jspg.RYK.RYK | 24.10 KB |
MD5:
723cb47194bbe21a9c50df50d46665ed
SHA1: 30fd49192513efb6c40770da34204f94eb7b0663 SHA256: 0abcbb36e6e58f11a7087d5e13ff07203db9f950f5be7dd4c725321dccf04d3e SSDeep: 768:kQPEzf9G3AotYsTIXQ2lHahnbdMabvqzGI0Zh2:tPEzletrT32lHuvvqzmO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[1].jspg.RYK.RYK | 27.13 KB |
MD5:
14bcfc99f0cad7daade66465c44df21a
SHA1: d2aadbb3008e00f48de4bc65f7297d7ed90d466d SHA256: aa75b6b6d88247ad36de55f8d0b7a2aaf0cc9579b0d4797e79742deb831599be SSDeep: 768:mViqlRUadY+l2CSPP0FqqDWiAUN3VT1s4bG2:EiqYad2VHIqOoUN3VTPt |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ast[2].js].jpg.RYK.RYK | 70.33 KB |
MD5:
7819dfe741f2528ebc0814912aeb3e78
SHA1: 96067c2a5e95da690ea4694540e44f5cf9c4614a SHA256: 44f09f0328804e4f1f2a34fcb9afdcf86a802e1d918335ade167919e025618eb SSDeep: 1536:GQCmPpyIozM0cgonlud5IG9z95qVkAy9d:zjodWa5Ii95qVk7 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\ast[1].jsni.RYK.RYK | 70.33 KB |
MD5:
f51f85d6956748470a1570ce1a8b3633
SHA1: 2b575793816a5c0c65fabda4365977606822fa2b SHA256: b65b855fe899fe450ccafae6c94b58081afe16193dbf3b007b892296e5157df1 SSDeep: 1536:p7rgGG11+Iv+opRMhkHdMI81TVNV4aThy4a59J4d7zE8AfnBD9L:p3gPfy0x9MT/VU5HWzE8sL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adex[1].js.jpg.RYK.RYK | 36.74 KB |
MD5:
39eea7ec9a78e3b534953d137cb55dcf
SHA1: 1c7385d28e15b09456041f51d0c97cbd293d8a34 SHA256: df2bb18d593ec7c4a2703edf3a65a5eedc0536d35bb31c086959d9dabf7a053c SSDeep: 768:a/f9b5SAKg9wvrJCecP7NXaA+XFhWom3yeuP2+ERY5G7A:IfV5lnAVC/+1hWoAy9PGYs8 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\uvmzvep-wve9.mp3 | 64.56 KB |
MD5:
9972a1ee6011db0515e53c75fc5fd982
SHA1: 66e56d20f5c327827000ba6d656c82695259fecc SHA256: ae5f7e4c9534f92dfd839fb81b13db8b9385742b38b6c42ee08e359d62661301 SSDeep: 768:8fTBUCq4tpsqVSAsVv9lcvfhKwa0lMxOEl+Il4sbfaS8I6XsB7woPp8DtYlLXIyi:8FU14vJSAQaFabzl4a8I6Xa8g7lNzNu |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\stationery\green bubbles.htm | 514 bytes |
MD5:
ee442e210626e6fc52c11a823bd3afda
SHA1: 529aac930108395c8d855a39c010d2183c067a23 SHA256: 5ef9c6c9fe9e21a83fcb450b7a6a93d31a7d9b7011b9b4a802e00e5d2da2034b SSDeep: 12:cvb9q4RSm9jdkuRZFEi56VIDl11Xvk7/C1nttticlbfQmS:cTU40Iai560fntttpD+ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm.RYK | 530 bytes |
MD5:
4fec7529f20e63128e127ab2c41f8eac
SHA1: 83cbd7a6f2c2b5013351e9afd9869d257bd33e8f SHA256: 476d6e6c7330528ba065f3b6e9bfe94503b5b2f5b93d18690103a51fe6a9a00f SSDeep: 12:GFyPl78VyRhhT/fXWasuTZ2LnmZYGmfviSk0nJi2:SyP1fXWasuT8nmZYGeT |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Hand Prints.htm.RYK | 514 bytes |
MD5:
d4088f973049001a4bed0fbd8ade85bf
SHA1: 61933c0ac555b7d02ddc921aa8e037c06c7ce9dd SHA256: bfac70284caaffa1b08df6e561c284268028ab32afced21b836e1830334a4955 SSDeep: 12:3ztn/qYwxtGr73pst7btbUldhu699xV87w:3zOtibpsdWHd4w |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.htm.RYK | 514 bytes |
MD5:
6b2646137f0fb5390ba64b49b60623d9
SHA1: 5f139fa32075ecbe612f95c47ec16668fd1392d4 SHA256: ec5660f95c7c8875bebf6aaca3f68951b8a5134bfe5601fe58d8743606a5e53f SSDeep: 12:mTT7eDJjXpY0ktGs8XbQAySvaVVNAYQSD0W6X5/VsoYJdd/mbox:mTTs7RkbkaVHAbDX4oYJdiox |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.htm.RYK | 514 bytes |
MD5:
0e5c2c48d36d5f4e2c70daaeedaf2c2e
SHA1: eac536a6763a93529d775541dcf07d594019e336 SHA256: 55bbe56d5f9547a7eef9d8cc8734334af4c9244738097743b3ef6e96e44539bc SSDeep: 12:h6nc9EHEgIU7rDbHpcDMkWCyNjf7BHFXk2lISODnj:hd9uSU7/CCflH+2lCj |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htmndex.dat.RYK.RYK | 514 bytes |
MD5:
53dae1146fa105f8ca894b4078fc8569
SHA1: 735eb8ccaac3e7557b9cd41d2fd546c4887bc50d SHA256: db5685028059d91ee82de9c540f8ce69abf1d569118453e0b928d7ba6879125f SSDeep: 12:14GBK87Svkkm86VcxTO5zX7A5hbz8wVpQB:1RK87kkk9xTpbwuQB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htmt.RYK.RYK | 514 bytes |
MD5:
a71f586b6c144be6e745a14ae2f23981
SHA1: d7b92d7dcaef6d559501992989bdd021469b3ee8 SHA256: 0d37896b934beba75095a724a526d9ddab758c4df7cbb5e3e00ed4a98f78d205 SSDeep: 12:r3QU9xQSNaI/+sH6FjmE76m7gN2xsj+0VV4e70wqW:r3/QWWIE76m7gNHZVVt0dW |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Soft Blue.htm.RYK | 514 bytes |
MD5:
622ce858b81fe1cb6eecdee9620ab7d9
SHA1: f1f657821ed3bed1486d2d87417932b4682092c4 SHA256: 121233dcbb1e0122bb15e18c693cbb6c8b0ee486e64d446e5e7ee8684b926510 SSDeep: 6:nYRkcLr9eqD+XRh5gEw02z26j5/fAWWdcx+cK/oZ0g2hJdcd0Klg2iC83j0HV4AR:QoT5gaVYfAWaWkQ29cd0R2ibj6/7a9xG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Orange Circles.htm.RYK | 514 bytes |
MD5:
2ff53aae4c37f79c95ccc01220b62a9c
SHA1: 8eab7fbd703fd6d2c2246ce8dc9bc6df7ec05be6 SHA256: 71ff4c8aa73d6a0474d6225c130754d2d03c4987ef42f9dc3e8c8178c0181eeb SSDeep: 12:q0ArHQjEdctTXYhjCWuu1HBIVS9cZl1rL/WC+8ISz:swmct7kBYVS9cZfJHz |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.RYK | 514 bytes |
MD5:
579efafd85a6e0e13e530f96c23587b4
SHA1: 0797afd3032a3d03766d38011c0b4f466e2960ff SHA256: 98c134e5f7150a81ecfa2e02c30cc05183320ad480ceb144791e09d8b2a48699 SSDeep: 12:ORqcpBhij1d7AbEEwSXnpO6MF0bNBgbJn52zcKr8sNgfrNIbG:OA2BUj1dMumMFKNB0J52zcu8RNz |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\yg1r61z8\msn[1].htm | 2.56 KB |
MD5:
d47c659c03aaea8fe7e5d16b83ad3b49
SHA1: 735bdcb8a2acb57e72ba362577f290b5afb2f019 SHA256: 02adb38d5a97ec5b975e99fde0720fa03bf663bea9d60170f53ae4773840b360 SSDeep: 48:1k/AC7DfwDP4sT07/YMsX6zSQP6nCvczEFIAhYVpV8oNlipyPWrAU:1k/ZTbg/QyCUzgeV8oNlicesU |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini.RYK | 354 bytes |
MD5:
39d001b0e64207b0e3b7b31cb83d3d43
SHA1: 0a896f3c00ae2e72750df460159219f1fe14d93f SHA256: 2cbc4fceec6ed084546d987a9da89e1f7beb3e5d2aed32945c05406e95a03378 SSDeep: 6:s/jF6EgWn2DtTNqaENqoZRqhEjcwNkoOFdaYiBd1nJnTDc1aOrA7eio4y+elI:EZtcNqaXqjIw4dard/TY1FrA7i4y8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\Passport[1].htm.RYK | 610 bytes |
MD5:
9617753f83fde7e471e751590df231a0
SHA1: ac1ad80b1576f025d41db1f235e2c4cf61d4adf4 SHA256: aab41ceaeecbf7976f322f1ac942801a0959999e282357ef5b0491915a1c4bb8 SSDeep: 12:ZvLhC0ZYcQG+nnJyMaZJNNOLG/Uk9YW0e71RbUe84BCtYMpK5aK9Ln:ZTM0ZYJG+na7H7M+06j84wGMpKEiL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\postmessageRelay[1].htm.RYK | 786 bytes |
MD5:
d19aaa95a074546aa5717c83e2318819
SHA1: a65a9ec1b86c3d1598fa1d87e4463175fd8313d6 SHA256: 9a775b8cd34e74f7e7bb5a1028fcbecd669f0e0c45e289bee8f5862300760864 SSDeep: 24:IHaUd9nLj/IMczalQcKHwaL53pcLpocWwfjVx1:IHaqACJXaLQLpl17Vx1 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\index[1].htm.RYK | 45.97 KB |
MD5:
555804930e45297029a15b93103dab0d
SHA1: fcf8745ffd5422cb1a788358dc4cb79ca8a64408 SHA256: d958b09b24124d0f632b9101a6bdd039d853cb0fd302ced57af857c998202ee1 SSDeep: 768:kWsg2A/qX001szNHkcMrZZjuFSDG8DVbdGy8i4vmH9Y6V8YXRgxtOIf0bxapW2m:neACXRsO3j7KOVbIOUmH9Y6V8YXwxfY/ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\uid[1].htm.jpg.RYK.RYK | 2.83 KB |
MD5:
f4510e7fbceb3e600b24d2a6e57217c5
SHA1: fc40d96b147f290faf1a4edd1b58a6dc4b83e268 SHA256: b94e556f49968f6cb123787ae24725358965b11f02623946d07c7d874de58e09 SSDeep: 48:ww1Xoz8RRIHDGEOGmCAIhI2gIS+c5HneH6O4AyeAOJ8cLsezwsJviuVY:ww1XYec6BnIhIdIS+E7eAO3opILVY |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\26158[1].pngng.RYK.RYK | 48.36 KB |
MD5:
d553b06ac0cb1fe3a0e0d8185cbb3323
SHA1: 3792b5bfea4dacd292098197d30602990f10a6cc SHA256: a32b75f6478ee05b2288561e2cba103fd60dfb7da605616a48271fd45ec6d388 SSDeep: 1536:LShLGEVBmpWnufzLCM4ha7QNV1BxZe4c+t/:LShLprufzLJ4s7onsU/ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.RYK | 75.94 KB |
MD5:
b4f79bbc7ae933358159f45898cab4b6
SHA1: 856730949d50d0f48a4e670716057a4727257970 SHA256: 66d348a1b9a0c8dab088952f32c9f0407b79d0d379d2347b571c6694490480d8 SSDeep: 1536:4S9lc3Ha2v7NLYnT3euKX1dMF8O6q4dLRsFa4RiYO:07v7NLs3e/X1U+LRqUX |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
cb84a529aaff939296d0f8294a41d988
SHA1: b460e8a8708523e9b415c89e79f0b43b19b20b02 SHA256: 762eab6a24c774ffdfb3bdfc466aadb64d40156a2cd727fabd7d41fcfb82b9f0 SSDeep: 192:9rqkmkrgrEdlJAGF8yraw2OSFkCbff/TdHc0pUT5tVBkQ1sn0y:YkvRdF9uwXSFjjLg7By |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\history\low\desktop.ini | 434 bytes |
MD5:
f459498f4b8ca3f0d63542557a6d1afb
SHA1: 683e1d4f85d071e904f42b43429e90e084db6dae SHA256: cb99737ee8da8625972c5d9dd2196345430db89cc101d0ac2ce97e28c8bf450f SSDeep: 12:rZ/lJeXMtkKru5jlMJbmCnYSJ1ff4kXDqPWaYlEwtGZoxF:rZtYXMu+D6ChHfNXDNEY |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | 434 bytes |
MD5:
b3b84c42c0370c4f7840111cf40b6f1f
SHA1: 969c7d7dacacd0bbf9ddde4222715d7dc9e074a0 SHA256: 8e10057db875b2819af0ba0b708a5a9413574e1de020cf451a8533e94e2f6941 SSDeep: 12:4yvVyh9SurSkr6oZadFzKRcvThJcYOdyscKX9R4:4iyLBekr68adRKUT0Hdlz4 |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
49e51a83076d962d283d9eb4271987a6
SHA1: 0dca3b878be392a96fa0e6862ddab1ba326c0523 SHA256: 2c6886f3f4d5d50a0091e2de4eee10a65d7153e0df0939d6e883f05d19d5ef80 SSDeep: 1536:W8wN3ryVX10ynbV9fT4ZXoCfeE+GTY5lUESUNp1yXRD7HJVJc7:PA8X10QbP8XoGTmlUyp107HJY7 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | 135.49 KB |
MD5:
00f1179ec97cb4b8ccd7a509664304a3
SHA1: f01426f4196c0c6c07e5b657ebef3f9ba5d69144 SHA256: ca6bc26ae14afbcb9e6f6fd73b0471f1e0b89b8a0fcd1625711c5e8800ecf6f4 SSDeep: 3072:kq9eyCkzB43YBuaYPaP/0YMm1umsp1J7xtOJIywDkLuSNOqx:km1d43auniMmomsBFtgBKS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.RYK | 5.28 KB |
MD5:
cbb593ba1070628e00b0cf7235360b08
SHA1: 722dc506f7c5e8c9d1abf797bdc243fd9f991029 SHA256: c0e64a6addb7f89ba178ca377aa36742cdd5c4b18f079ae236249667fe845efa SSDeep: 96:cIPAfh2U7UQf3QASV7XXYQW5lnWHpO9HUOOJGYGbfFwu96Bst9qkRA:zPEwU7UYAAeXYvfnYp2cJGYGpa/ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | 34.56 KB |
MD5:
7fde72023dceebae31500eecc4294008
SHA1: 73c06f3f985ba082f99fc722bd000eb011b9828a SHA256: c150bcc1b17424e366a83dcb35da62d72245155a86416b30b83efec2467e88c3 SSDeep: 768:aNZJNWLK/PUvLnMm5WUwdvI9JX1zll1VbQCwyT1q:4hWLKEvhWUwd0R1zll1VbtxJq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | 1.42 KB |
MD5:
4fe627757cf36a28ece91b4d679cebf0
SHA1: 4b30210cfb7c0dcabef857057e3a34c24e45093b SHA256: 45a822129b41807f9bebb03b08031077dddb7813561dee89c2fb4ed5687b6485 SSDeep: 24:OKoMD0b/qW99ukfxDEGD/wBLEcnWrAkpth6SUMRHl4dMe9KAkwIkWWJzo:OVG0b/H9uYFEGjKLE/rrh3UWH8A04WJU |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | 64.94 KB |
MD5:
78f1358345bb7a72f3713971ca7c72a3
SHA1: c6f8ff7ff41988ec97d75e6c2b88addf477c4199 SHA256: 14ce307ddac9b396ed62d8a541e953299498ed87c1daf51d751206b02cc948c0 SSDeep: 1536:kWXieTWEd64Fr0NpekaBeNYOMDpai36Tw1zZF7R4Bt/WvdBqF:kWSeTbwErepescDpb36c1zwydYF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | 52.22 KB |
MD5:
0274b75d61446e17e6c1b93b75fcdd49
SHA1: 5cfabf7d40a8489331205a42bcf3770c40339c0d SHA256: 2ab7637c8b219b86e972cee4b6b296bb15dd846268c878dd02d26990ba1576a4 SSDeep: 1536:I/srcv5l4dah7jDqF9ugjw9T1kLFcAHjpn:5cxQgHDngjoZkZckl |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | 2.89 KB |
MD5:
7058e83a7d360ff14655d6e3ba74ed8c
SHA1: 7425ec2b46841226f936949cfcaf5d9d3aeed8ec SHA256: 3b20a5bfa8e6ed451245238b53275b7ec522e26d2895962fb4f87a6c173e9beb SSDeep: 48:jFi7lUwaKe16KliuObMBeJyY79nGDjvLg3qIE0mgoTBGx9V+CUvf369fCVWCiDf2:hi7lUwaKzBbMBecYMbz8mpTIdUaGWFT2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK | 1.15 MB |
MD5:
354e683c329e94cfa06d7de0ae4a6d93
SHA1: f3a92cba72ff93cc55fcabc56d41846a92700561 SHA256: 14d92d1aeef01c2be6c1f83647491a0e43c8ce2c48ddfcd20057224783324cf7 SSDeep: 24576:wAzvKS6LUC89rGRLju5XjuVqFz+j7VQEOAO5OiHR:KHUCDvE6VqwCEOAO4ix |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT.RYK | 106.55 KB |
MD5:
29396e88281de23da980d1bcc76658f7
SHA1: 36273608cea8d5eaf71a0dce1990ce589080a605 SHA256: 6c15591511c775bc7cdf35d791dc87a3d7ecc8e1e6984e78097c609312bf0579 SSDeep: 1536:bXYOrT8VOjk5uAqgp4mcbM+qCoa0jcdyGmtoa/7Kl2mrED3JnFLy87dOQgJVsQ7U:cOrgEjQ/Gbtt0AYGmWa/+lQn4uQH7Ud |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bamyKU.jpg.RYK | 71.94 KB |
MD5:
d036a10c6f77a2722719383dcbdb5689
SHA1: 9a811a0d53a32e3356cae42a73d3ef0ce2ce68b1 SHA256: ac92b8b34e7becd3570a61d1dc59875da9d987c509a21a7bdf68b9e6b99c7987 SSDeep: 1536:ipjDvmD6MXj1VDx+KC70reHp/f805L87NXw+R/4d/qXNDDswuU1ykn:EjbS6qmCeHpXZZ87NJkqXNDDsY1yM |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\aimhx4a_fcptlscu1db.m4a | 77.39 KB |
MD5:
48c15d73039bad6ea90ac8a2a9e807b9
SHA1: 18070ceeabf8cbfa706e0f3537e0f7a48ab1b3be SHA256: e0a44abedb623c9902b98fe7a2d3f43c0643c4e319b8e0d9568f425bc9562572 SSDeep: 1536:U4899tJCs0pkPawPZ3pHXFBhHwlsYIM1MMerQaOfTy86Kj0ITUaGgZj:mTCpCb3FjQhIM1srpOfTy9KYp2j |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.RYK | 1.02 KB |
MD5:
8b06a8e8884826674765b8fda967ca46
SHA1: df7cd0ed8959847b3a6521d9c703294aa352f1b2 SHA256: 824096793a04f8533bdcb41d99ab712443580c34a077483fa588913a946e766e SSDeep: 24:oUvy+hG74ujT2onOH3TdlZXm2+xjt25yYOeY1SfYunDX7D98tF:p76jSono3pzR+6gb1SfYunnKF |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\6ksdapr-aqyrne7e.flv | 84.47 KB |
MD5:
212642c5b2a65e504f2b7b413d37a2a1
SHA1: 2c32abe81ec017b61f83ad53ffbf4d8baa5eb422 SHA256: 8fabe4b53c3c52c9826d0270fe7df8d4ffc8d6aeaf6ef18ec50f2405850bd453 SSDeep: 1536:jYXnNIt0H8VrrOhLZh5VJOLzWyxymbbClC1zRTH5dauJvPELd6YatPeZ5q:sXcTr8hfYLCnoHRTH5YuJHE56TmZ5q |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\3j8x0.mp4 | 59.47 KB |
MD5:
a07634bf24a362f5cd23a86aefc78a89
SHA1: 0a5ad2799939e5d315f5cf8eb523e3a194d2260a SHA256: e65782d6cf6b2f8c2bcd3ea9e7fcf7b495e6b82645821a7b52f757958f8d431e SSDeep: 1536:w2XgKXzLTsHRCWiwhHB9p0mYOWO8lwieAQvC0o:wm9WFHB7YPOcFQ+ |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\38rwdvpqft.flv | 62.38 KB |
MD5:
ac91364f6710d72e28b6148bb3198fde
SHA1: c9baac7567b402a82008a3f370c7fda0d14c45ef SHA256: 7a78b66223647b66b1472ef4f2afaa313f13c290e752b475275bba1ba5c209e6 SSDeep: 1536:gwH9p+tvvpZGtP4oaanUJ/SWCOdXGZMJsDqXRSYukZ1t:gip+tJwVc0ExpXwMJsDmNZ7 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\2ise-ppyw83fh2.gif | 17.25 KB |
MD5:
12e7b9f8a6ed5a2dbfd77d70e961c7a1
SHA1: 4efd381436e2a928650017e1ac99ae4e5b54ae4d SHA256: 1baa6a74817446a5ec4895b53afd32ce127804b3d97a1757c30ff7bf78d08868 SSDeep: 384:YQPSjUpas5NSmLjkXf2K0Q5JfyvrTdG7Ifj5Tpn19QUZJq:3PS+aMQgjVKJ5JfGsK/nnQcJq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat.RYK | 16.28 KB |
MD5:
0e7a4d3aa8ffb2f7180c6d097c7ed194
SHA1: fbe0dec08514f21689ba1d0a8319e82450c13081 SHA256: bf14b8edcade8463e418853c1c8934feff385f96166cbf735d1d82871f1c72e1 SSDeep: 384:v1yNcnbCFeu4x/gBfKl2oVMvzRC/Q+obYm+kUI:M8OFcCfC2m8FYQ+A/+C |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-a7SmuxhmwT.doc.RYK | 83.03 KB |
MD5:
a03aa1dbdf4ad79e1c24c634b71ef217
SHA1: 12ba77b7db5d3e2f32a2ea1ce544f5d39f7a2760 SHA256: b4c3d3f6776d0b6d146b46ed1f908c63712fb7fd1b59ef708d0934409290e886 SSDeep: 1536:EowqcNYQPz7l7rddPjnLkLHQtcprUtfiaZuWkPEKnr6YekjdX2y96wNqZy2Yat87:uEQb7lPdFs7CWUVhQE4r6YdtVFNb2Yaa |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Pt6EdEMYkXGVOlL.wav.RYK | 73.36 KB |
MD5:
41cff4551060ec97fcef309da4848824
SHA1: 2e1a0e97ba901b13d41ef3cb87a0bde1a418c3bc SHA256: c3df6174769326eab7f5cc97bdc0664a7682e4e63ec75495f95e73ca44495cab SSDeep: 1536:qUEhy9xGunLluoiRZOb8AJi/lWO/NF6ndxUOmrpKikU:qUEo9FuoSgbdi9VNFOD6NkU |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\poiRR3VU0BNb4H.mp4.RYK | 27.60 KB |
MD5:
9d1808ba9cc1225466468e650cff09d5
SHA1: 7070dad11833649dc418a5b1ce89b0be9c44a146 SHA256: 9590f1b3037114529a9e07b59ac551e1d498261b89fc2bb6749f73331da4577f SSDeep: 768:WbwKxUH0jB+PMKBw01KmM3wnR2RTaFvi8:WbwEUUWBwtmM3wR4aN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\IrsixE.wav.RYK | 88.72 KB |
MD5:
a683a82fa02a7c21b84c89f9d4a2cc8b
SHA1: ceba945efab4df1c3f0a309156f96250cf0c48b7 SHA256: 84f217320eb8bfc67149e29aff9791cf8dbad2a17d471d7d1206dda988892eaf SSDeep: 1536:64L470f21PXzJHSkTQLsylclKb2XN7hPM6ZIU/RAkFX1wXvzQjiFwNiMgU:/U70O1rJ1cLsGeKb2bPMgIUJLFSXvzvE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\GFXDbgy2_p.mp3.RYK | 50.42 KB |
MD5:
f96346f11fe377f9ec6111f7330d6f94
SHA1: 2bf8c883547389fe5eeba17acd23a8997b193068 SHA256: 4b73fe615ac232304b57d9622268df817f282cd308dd8e7d38c332063a2c5287 SSDeep: 1536:9rM5gcDtHvo7+EnQSpI7ThemoRPM20OY73FWWot:lk11voC39k9AnQWot |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\d5RHPi.m4a.RYK | 8.24 KB |
MD5:
f2dd4d4fdfddf2e1a8f2fcfa600fe252
SHA1: 35a56191fafd7ab7f7fe28ae2496969b82f57897 SHA256: 24e99445bf1669d1afd3dd43f04fb40a52f70fc8b6e8991beeefc7ff4322039c SSDeep: 192:LUM1s6BpvWaoINPzjt3rnAyWTnIGp7mhcpaTzGDN:LUM1s6DvWxUTroycpaODN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8Vk8gt GR.mp3.RYK | 77.69 KB |
MD5:
5442101801cad3c3408308f60b439295
SHA1: ec8e01732065abec77ed40b9fbc24e3c953ec2bf SHA256: c7b8f627e90c436370232769ae9668f8184eea8e7bd7e7f7fb4dcf1949507fc1 SSDeep: 1536:FzUiu5nVSHI9IBtsbvlndwki5UYLd5fCmHs2JumYp1oS8EKZRPVxoJ:FzHEVSoRbvln2v5UY5i2PEoSP0VxoJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Dxiox.jpg.RYK | 64.94 KB |
MD5:
ba5257fe3051c70d54e17bbb0f45ef80
SHA1: 8afff117eece0a866f08a830d9a62443196620f0 SHA256: 8a43162b1ff5cf7fc1c526cda5aa94d4dd9daf1cb4fe0c863e758897b36a4e35 SSDeep: 1536:2cDF2BMR5Ahwdum80kCayf+uEZcfm8aEu4De9GWIYhNOG:2oF2LhRmsC7qMIEqND |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\qy5jarvmfjorgj.xls | 93.83 KB |
MD5:
5798e9b1c319e8f242829357f54ba9fe
SHA1: 3c0ee5828e972d18528ff99ac54af482626a6c9e SHA256: 71ce2aac4e0692c22b077b9e46d5386443d8ee912ec930d232b954904daf824d SSDeep: 1536:Var9t3awtWKJCO1OXEwHDHMAZ0dKjZ1c1imVnskPbuxGnswm37UnUrcS:VaaMIoOBHJLjPOimVn1SxGIxF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Egfaspk KdC.doc.RYK | 83.52 KB |
MD5:
0bfd08a124e6c027e80f8353f7747bd7
SHA1: 9fddc9d7fb5f9a169bdc50873f6374318355e200 SHA256: 6500195f5cb60bdaf5f5ab2cb86482f200e7549ef06a7d29b42d40bcb8d1d632 SSDeep: 1536:Wmj4rJI6+MVpkpPxR+uNOv2rMmZ5LT5zlLjeB2SSleosV1+3c5s3Fdt3O:Wmj4dI6+wkfv0e/vxpLjFIo8oM5U/5O |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat.RYK | 32.28 KB |
MD5:
1cb3b2a99862685e2727e771a386c036
SHA1: 049b208adbb9a3ea19013cdcc81ac080258e1ee3 SHA256: 6ab7343ee8a1556d1bc683677ff3345a55ae27dd86b9a8eee5068452e5b98920 SSDeep: 768:9zwalpObfC7sXTMLYbN7U0MhoeWDr8/OXH7PCLgW3Dchigf:e2Ob67sDMLYN7U0MyFv8/wCBD8 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\u16smx eax3bc.ots | 91.55 KB |
MD5:
c694a8a1b865a61678ac8cbfdb5e9dcd
SHA1: d8b22e3377d7aa1996d25f622c17796b4abe5c94 SHA256: da7ac7119e46fbba710b11197270377ef0f3b5fdfab81aec68bc521a52e3e10c SSDeep: 1536:qF5h//rj+R4uWUVjGCiVgYs2W7i0fPxfuJA1Ynyk/T43ek+ay97kuJ7zJfrq0Gsj:qd/X+rVjyWZfqAOyWqeTYITvGVmONof/ |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\gii5169l dkxv.gif | 75.06 KB |
MD5:
bb5e03939b4f55d47e1fb75c7a8cf2c3
SHA1: 352bbf8e975ff9db2971628bec233935b0771bad SHA256: bd6c3b30b860a72cb64f22b9666a2b3d6baa7cddc938c67e8c654e3c29efe383 SSDeep: 1536:6ugOQaLcwoi+QuE8xzJdaHrDwAUA8wvoUZfcUgLJB3TRZYg:/0awd8uFJCHrETyvTZfcHLJBjf3 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\fzyp0ete9v.gif | 98.27 KB |
MD5:
fe00014e94abc7708f93579a8ec260bd
SHA1: ae6f9b3a430a69ae75a1b314412328a0390019df SHA256: 414d69e4ce9c5e5a73ccf77666d50ab9fa13605943b82e78b4517a05bfd582b8 SSDeep: 3072:cxqfAcaJt3IStIMA6iBH8SBexM1sgsrG/:cxxcUtUMJSHvBX1r |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\eavx9vrcqnt.swf | 72.94 KB |
MD5:
bc888e69462971d373c3ade21f8a2645
SHA1: 0da9ba76858efcbfb858ee9abb55ea1f88b893e7 SHA256: 8e4e8cb77f99be41dc8d6ed6b3c22427b05901a2637b9def29570db416c87ebc SSDeep: 1536:CkUPTWVMVB0wVmCK4NJPYyOLIjTnoBQHZioIA/yUf:kPTW2nEZ4HAxL2T2Q5iiq+ |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\g8rbj.ppt | 92.96 KB |
MD5:
c81c1bab34610af9fb01ab6a0c048b93
SHA1: 5a9418a5bed6dee7012def16e2a6a1c53b248996 SHA256: 8919fdad54e5d163aa69bf07e8dfa6a49ba5e79bcfa897e535ca9a7ec53332f4 SSDeep: 1536:FciXpPohYjkjUPLrya7C/FzYB596/4Y2r13sR8mlojEQTJE3X3YjsBC3:FciBLr5GN86Azr5s+/QmG3X3YKC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | 434 bytes |
MD5:
d344f81c9b4a3a972b3b32592d173633
SHA1: 8a70116ba97858c308e4b7793d4c1148b377bb4f SHA256: f3274421268fcbbc3476fde1bc0bc691977d17e73e5db9bcd69fa51176bf7292 SSDeep: 12:VVmzHAj6qm3o2UCTfNuHf0pyP84knMLE+iimdiq0dPmZ:d+k2UQf8LxsMLiimdJ0sZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | 434 bytes |
MD5:
cef82babd7908625c14d75d3d205e90f
SHA1: 79115c4d94554a1f806739c9fcc20f94c6ff7078 SHA256: a5ee3471f9d96f6fe96bcd0febd6c9acb57e8e9b4413627ab3c915185dcc4501 SSDeep: 12:QIdzmJ9q8+iFyVdSz6hcYqyKy3+VwcQT0TiIanGD5APLb:QIdSJgdSzwwyAI0mIaGNi |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_8Uk6OzF5I.wav.RYK | 69.50 KB |
MD5:
9526790f2996ee6ae3869ff85b7df1a8
SHA1: 6243a4305e55d8a169e5d5e571860de4ab7a8244 SHA256: 84933ff27dd76edf7cfc6135d08975d0512d7e7e78d986eebedc9d9e60364581 SSDeep: 1536:ZzaCZC9wk8FrwiJ0CtBjQNDNEzRJizV+Yfaq/dFiI/5zXab8fzr:NjZ4bnSEgRJiz4YFx/5Lab8fzr |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JYIc.avi.RYK | 85.06 KB |
MD5:
3f7eebc66b02e422628c0a15500d8a7d
SHA1: 9df519c56372fdf6ad76fe52859f7e16a2673493 SHA256: 7d524012620794532a704b380d33558377a85b7526e48cba076b59e962d9ed7c SSDeep: 1536:4XPMWc0BNPMy7zTru3T8qHL8OlUe9tUNCJmykCLQPDqotcoOI8O1CczVqu:4pc0jMcEmOXUCJWr+otOI8WnzVL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FFXb5Q.flv.RYK | 100.16 KB |
MD5:
aedb2da68400c62ac6841ba05bcb7ef9
SHA1: eac0f45907c32ca4261d42a03b064fd557363a70 SHA256: 7ca8a0fde5ad2da75d50561d2e54399996a71e6b610e5225d23af9781ab2bd9e SSDeep: 1536:B9xSvI8lgZNBLhuie9mUWLFWzCElvdQ2QV4m22e9YdRhPCEJ2RXOL+GRTTGAUQkt:7xSvt6Zh0aLZE3Q0YdRdC62ReL+GR/vE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\t3oT7y2.gif.RYK | 71.50 KB |
MD5:
c806ba48786e0b5a2092546a7875af2f
SHA1: 6860098f31bb7181e30b2be63f4adba1775d9a1e SHA256: 4e201105c69c816cb3f90208341ded1a4c52f9cfcc01b69476c078841f7fe457 SSDeep: 1536:08hU2aZ8X/Nk9YE/DhnrfMviKAaz1vPDPhWJwtEOyUnyAtAo9C:08lNqV/Dhnrf81z1DhnVJnyg0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xSxhLvKszJn.png.RYK | 22.13 KB |
MD5:
edbc4f4af549eedac55ab99dd5934358
SHA1: f17a1899c77f4aa5abb0e4804feddfdb8b8042b9 SHA256: 4c126096d92cfb7c1587e42950cac606ace6fbdcf6ef1e6c0f2856e11b271766 SSDeep: 384:NhIOzKLwiyOZAPVMLP5uGxSVVzA91UGV4yuaYCh+r9FjEIUxi6NsxgZLSofBC0k8:Nh/UyOiPVU5rsNAjW9FEIUgsKgtSoE/8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\hA1ampWxCrELO.wav.RYK | 66.78 KB |
MD5:
51248c644338308ccd34f90de7eac068
SHA1: b19594270cda8d3182d80af3e68ee6e5717528f2 SHA256: b41ccfb0c9b3b1d6516ed5fae96a762a6519db8c97763e9bc6357fa1b4c9c88c SSDeep: 1536:lgVkrCYJbjfAAZtjaNtPZVX5QOTV7Zul5Dv:lgVk2YJfIAZtGtPdVrul5D |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK | 6.78 KB |
MD5:
3841ac1af30b92d8c61fb95aaaaebc55
SHA1: 431ad71134ec70b00e3c5d3c1a5682938821d901 SHA256: a35cd7d15fd4d7e7b5f92073e4e051884a70df8ace59fe9cbb0809de72e75071 SSDeep: 192:YplOVcu70XuFNS1r4HBqIe7/vCbQp2poRvoggDj+DbFlX:VoXu3S1uqN7XCtHuDhlX |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat.RYK | 32.28 KB |
MD5:
c28d85c073da6196c33b11cb6ffaad4e
SHA1: e5a0d635bac698092e329c3ae1454edf743556ca SHA256: f57d477f5604782edc5f91e9c9f4d9433693b9bc8ac2197d3414c0a0607ed10e SSDeep: 768:DYSvfxXWgGU+j3vf9jFNpbillOXTqfmUrT2e:USknTHVMu8bie |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | 354 bytes |
MD5:
a215f91697ac44446518b66170584f41
SHA1: 75b941cd3b4a666c52a998d16817642c919f65d3 SHA256: 112f6b3b0e0a2a68639480bc1c4b97a9f39c55e29ef0410b3b73fffa17f90456 SSDeep: 6:idlxu4oyqguxfUzijXgn1c3l2SvDgFJPsxOeSwnKSrm1MbJwP4KiUYYI0Xa:idju2/MfmV23dvDeJPsdxKSNbG4KitF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT.RYK | 240.49 KB |
MD5:
6083b915cb81055dc3cdbc881a4116c1
SHA1: 60c8c894281505040f7b67bd155755fbfcde2e1d SHA256: e8db6d2b0e4bf23c7bd00826da78b717ce436fbc23b131e15a523744c5a578d2 SSDeep: 6144:UbrkdqwySj/+DqT19WnUwFHlAZl75UVPn+964JAfRCtuM:Ub7w5j/VsVHlATIG9642Ctl |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK | 16.28 KB |
MD5:
1ce375a3571e903b101c013f824cfd79
SHA1: c051e3eb9e46a5717cdaad98dbfa0b967ee9a4a1 SHA256: b7ebf478ca7bcbe4e6f330d9c4db804a7092b6ae70a0bea497ae952677dbc97d SSDeep: 384:o58fuPprB9V+sKq7gPbba18Gz3n6/Smt7NHhLAqFoCLg0I9:o5suPpt9VT70S1z3yNjWeNW |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf.RYK | 1.38 KB |
MD5:
6ec9ccd5da5bb15c8b86bc3450f109b9
SHA1: 35af8f2363c1bf97284e19b2f51918518924f4e3 SHA256: f7cbc1c4a25dd4f8c648267dd3f7ce83b2b9c299637584409e30df115f21b1db SSDeep: 24:TWWAfQ/3MdJjlqdBzcQHTPr7ZKmdlU14TMq6RAoM7wGUJhO3/dNw5H9QV3XWxW:TWfQ/K3qzdLrAmdlU+/oMl2sPdNsd4WQ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK | 12.21 KB |
MD5:
e7a24c19ee6d1db0b9f15415d8189dab
SHA1: fbffb5068164993ebcd5f8bb9529c849b2e65c11 SHA256: 6775fcc2f816bb780a0b1ed8e97aedc124850faea03a64207d83bf52274da8dd SSDeep: 192:IzsTqmpd485csRc23vIOFzTljsGNjog1ZF9xIsljy2eTO9AqwcvasyDfXVxN4GKZ:Ija6qwC9jJjFF9xImjGTozasyDWXn/L1 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK | 68.38 KB |
MD5:
604b0001d7119a7cacc3b846b1db8215
SHA1: f9389ccda88f43c8a3c7d56ecf2e05bf8900f90e SHA256: 5d644758d3e690be9767b641ebe93ae04553b047341627e057942e5b1883517a SSDeep: 1536:umks20f3E351pcpEGFxG6m+mWMOdz5kmJThl1hDjviWi15Fxx2Sqiv:uZs2g1ZmpOtJThljzihz2Ev |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat.RYK | 125.28 KB |
MD5:
c37b158b5e9d2faedce2d3dd327fa601
SHA1: c22cc04ba664c645860fc1ddb1aa3d286ecbcce4 SHA256: 0c0b76a9c963f357fa4e2e889e7245b511626cb0503fbd42181bf5a9042fec9c SSDeep: 3072:HAkFYKLd8Mt1K0xsOuajbSiH1JjML/C69zfvQIMvFQwcn:gkFYKB8Mt1K0+1ajOo11MjC69rv1MSF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK | 12.19 KB |
MD5:
9335ed1999750868694a7ad25a9e037d
SHA1: 95a8f761914d12145760db570db63c5e26dc160d SHA256: 181a695f29dc1bf51b736de6ea7801b60fc818bac3371d022a748d4040c6354a SSDeep: 384:ZEyYCi8V1uh9elu/USQKIH5ldfvCpUYtiuqC:yCdakS9ajfvCpUYhN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi.RYK | 466 bytes |
MD5:
34bdd746a861882b168a5ef0fa8fb9ff
SHA1: 9028b9fc5d3dd732c01db99cf284195e0ac67e9a SHA256: e612ed6bd8c37b624fe9bcd5dd3f3691460c1dfd4c4f9f83f9eca98215ac8a3a SSDeep: 12:wFiW8gThSlfl8vJBlSWDQxdXacMln/XVefJP1HxSFF:q78gY7QJBvsxVaTXVexSP |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat.RYK | 99.50 KB |
MD5:
b2a69aff8d96cc650b80588cf9732953
SHA1: 36ec2385527fb042bd587b73d49e450374b07e21 SHA256: 9e20dfffeb921a8199a60f30544c1492192c122c5de2974fe3eab43fee7fcbe7 SSDeep: 3072:zo2iW9KbjCCaaMYiPX5vbOuloXm08LoFU4GqqD:DNKbJaYiPpvUXm0tGqqD |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk.RYK | 8.28 KB |
MD5:
d39d43e4661e1ede207b426bf1044924
SHA1: 18d4988490aeec64ecc9a55310d99e5e2366d4e3 SHA256: 273f63ccfc33f0f6c10554715160505256a795353cc2c56144a1627910814293 SSDeep: 192:56zhihyV0o8DDcdXil0LMx8FqonYkv7a2tUlhziw9m9:0zhi3o8cdbLMSFqsYkruziw9m9 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK | 546 bytes |
MD5:
69da63a829b2abc323dca949fda15302
SHA1: 3b0eaef0091c2104321a65926d3fc864e4bf4945 SHA256: 89bc82b26b7abd2c4c90b485846ecdc48a5ff6f3ea11a2cfcd161914131344c0 SSDeep: 12:CMpiwfRWTLUUHJFvEwmUDH+WeKhx0GsIAkQhHJn:LiCQpFvEwmUD+WeKhxe1hHJn |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\edb00001.log | 2.00 MB |
MD5:
aeacaad47b6c2188b5bba83fcbbc4b42
SHA1: 817ffe47106de644b9ed9b91835e421a049e08ea SHA256: 56e8cc98dca22302c817dfb72af3efdaecef039ccbc45dbf69472f9e14fbff0f SSDeep: 49152:yUk5+2+TbNLCowvlOn1ZRBaMCj+MBDJQn1M:zT5tI+MBom |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\edb.log | 2.00 MB |
MD5:
21655fcc9d01a219b2bbd70de364b989
SHA1: 285b8d8ea7442f9757c94f94c3e8b9f6b599fc26 SHA256: c7d54f09ea032cf8cf6f1b8c5a6ba4ff5f0b601112d1a96b9259041936ab3b85 SSDeep: 49152:ApTXiUMJvhLViBhSjXbUun2zrQ2keznOVr4:qSvph4MDbUHkInO6 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK | 2.00 MB |
MD5:
e7c6a135392dd7181ace9e9789886bf5
SHA1: e5fdc535c815c8323f150eedf39f39fe8ca303e0 SHA256: 399373140945fb17ee8a04d304cd993966e27f0018d4aab4850385d6b002d573 SSDeep: 49152:bk3+GAVYkTND2Feag4J7O6eBt4zSqJiJyG:bxBNDdQODrqs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.XML.RYK | 10.22 KB |
MD5:
d528ed59a75ce072977ea64496387531
SHA1: 75c82499d6ca62399b78db79b9e77039c6e5f069 SHA256: 90e41c59f173a6a6219877a383a79c19730263beca1f01ff5cb2b7a42d56808c SSDeep: 192:5EXFDPgRkoU63D0TF2mb4RcaOBwN3btXX38xJ/5b72Wnko8ONyLCRTM4XBHZ3:5EdY3D0T8mb4tmsnsj/94oxsC9 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.DTD.RYK | 786 bytes |
MD5:
5332e13525d76db8d68de819f1357ada
SHA1: 6482af3ced7e374fe207ef3baa8701e6072d222b SHA256: ca39e2e1cf0e07c7c2168470d4c9c2e00d05c2fb8ed2967897f6354b430d522c SSDeep: 24:yIYQ3GoMI5oHbKRj4vIIKcd1aQ1TvCIl83XhoxQ:yIYXoh5kbs8vI3cd17CcSh4Q |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | 434 bytes |
MD5:
ffdb47cbf1fc813bdd4149ead249097c
SHA1: 3cbbb441eb445f04a987b5da97cb999f4d359246 SHA256: e6d0aa8f82d6e564f5b800837fa3e81ea30dca44990c563adb7c38ac1baf7125 SSDeep: 12:j9Cfc2uqVv5ZrCesVYFfUSNKFSpb89MXa1:XXqVPfsVQdNESha |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Settings.ini.RYK | 370 bytes |
MD5:
74680e8424cebbfaea1b7abd596ee950
SHA1: 37681c81c72f132f2c2852e8e5ce3c8a6cad028a SHA256: 04ea02ecee27e5ae9142908c3a19cea743e82d518fb6bef6637c74bb744350e0 SSDeep: 6:ycnLzIzX19U9PO39n1KkKTxFmxSMPq1qNODXHm7crE/B8Qoo4p+Hk3NBO6DD6P/+:ycnv4fUVO39nsxx8xSOO/Lm7ItQoo4tn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK | 2.00 MB |
MD5:
948b8f3a689cfa667dcaa89d3850a9d3
SHA1: 0c8cc5111be4c8b1ba0c0366ba025cc13d2a1caf SHA256: 306dcdafde308810f73260573489b61c0a508c0c6987ff30952874eeaa7d6217 SSDeep: 49152:7Q1ZIZGOlsoP52+qMf9I9WO/kvVc8lMFtag:7pWowswWO/gJatR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat.RYK | 16.28 KB |
MD5:
70e006866ef68ae2c0342affe30c74de
SHA1: ed186ac6f2cb3adc948e10092e0130bb8b0d2fea SHA256: da43ec8daad65f40870579d5f31846140d91350cbb847393aed5373be66f9359 SSDeep: 384:3Acg1NRcM4qu8yQTAt8lVYV6w4UgLs2BY:wc6RkS0V/4U47K |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RWi77TEZNRMGP1 8C-Y.jpg.RYK | 93.33 KB |
MD5:
f2b7b60a2f5d1cdc9d8eb605afd69d6d
SHA1: 84c0a04fedf1d975c8fb9ff7df953b424f76fd8b SHA256: 8be52041cce6cfd45b284f34d307e80f11d4f6618254c585a483b63b62c06719 SSDeep: 1536:zYUV/Clj7MrMowJlhm3CYvY/OTrgGAlLVESmsDVNi9dCjn7/B12pe7QH+4Pw+nYy:zPEVKQlhGacgGQSENbrTPJQHN5F |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Qt84e7C8eLCYfMRCQN.swf.RYK | 81.21 KB |
MD5:
bb3c9c5f99798cbaa305474025ff8efc
SHA1: 04c8f928d7ba6410284055946bdffc16b16ec113 SHA256: fbc583fc031aac376e4d7f59fb46be6c0f4bde5777c7699532c500479c01c2bf SSDeep: 1536:t+PTTZZBW0+Bc0Xn7RxP3NQD40clZ+z3n8QOvcAEoglilEF2Pfsu:tB0+b7P1Q6kz38XcAEoHlsu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1q_7S _sJf7Tgt_vFyHJ.wav.RYK | 81.05 KB |
MD5:
e4b2250bf9acce753358898193236291
SHA1: 0e1299e2af34c11499823f593fff7a79feb20004 SHA256: 2b5718367ae07bc0068cde92ee10574a948dad8933d1493e69f5bfb164f0b8a4 SSDeep: 1536:DF2+GWM4C2/aDY84o4s9OQq3ZlCZu8FRr3Ys5Ovxs/mDZ8u5:R2+GWMC/Jo4s9r4lCZFZ3+VKq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tSQTBue_nr0Cv7YAUz.csv.RYK | 54.75 KB |
MD5:
41d5bec1f02e08c4c03407e36ff9339c
SHA1: 5dc881a0675f71561d19cf8dad669fea2f452da4 SHA256: 8586b6146e0a90fd029f8178e72c5826c900467f28fd5eb15ae1d61e1f798cc8 SSDeep: 1536:nLDYWDKHw5jlLrnSZirudpXxtXvDr+ubKYHTaskQgS8qO:YhOH0ia9JLZGskT/qO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_9vOSCvIM6yj_Fag.png.RYK | 5.14 KB |
MD5:
6274ad7d34392f4f07086b40e5eec827
SHA1: d8699e4e3f1b36f980fd124ff035a64b0bd33605 SHA256: 3ae797489f5376f2fa0e7016e15450de3318eda8ccf91378a09cd5b206e3cb13 SSDeep: 96:ckHlbMdvGM+dz78vZ8xa9ELjFfb6xfkHdciK5uaWOwKAklmyZwE5mVPRvGZ:ckJMdGM+d0vMa9e9b6x2chnnwKACx96E |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pzZGoFZ cjbZITKhSi.mp3.RYK | 23.46 KB |
MD5:
b1d70e6b4c00ac58e630471f76756520
SHA1: 0faeed7743a5198b78e348b3fb3bcf0a73e87fb6 SHA256: fedb7b62acb08285264662835234c6f6fba467889796fcfaca3b84477ecbe5ea SSDeep: 384:4a8AhQeuTUZQGKy+OjVJwxH/Lw/em3xNf5Y70m4wTOMtaN5+4vCsLFHs:P8AyiZlNVJwxkZBHYQc1AN5JM |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Q3n_NxKh6qQDrqPXiJ.gif.RYK | 17.06 KB |
MD5:
27e0b6db4da9ee5a39466f0bf2afa855
SHA1: 40f3d037f062d17c6f66c1f339cbeda746d0328f SHA256: 344fd1ce90f2916ca7643cf070afcd5d5d3378f7329b2f64e5b979f35405458b SSDeep: 384:L6GR8AcfBa0S7fX259FdXSyMPfLIX/zhGNeRnon4o9nl34iEcU:NjL3f25JMP+FGNeGj9I |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | 354 bytes |
MD5:
6014972e261f16debbd54e3af9396aa8
SHA1: 37870426a9198fa2ca52f883d7cfd0453f2db9c7 SHA256: 03cf6b399730376ed2a203811eb6511898cf61db2cc8f4d1b67eebad39b0894f SSDeep: 6:6waFL/E2lqMvUr30u/m0csEn1SPBi9W+l6HPuXnGl21ld5u8EeX/f74vWvGLqCB:eFzE4qMvUD04m0REYul6HwFU8EeX7DGl |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | 354 bytes |
MD5:
e23be30beb3c57386a095df96c405805
SHA1: 817a05da3326a0df5abb9ccadd502fe68d7d1ab9 SHA256: 0c32049b3675d377eaf0bf06b5c2d511111d7e71f04526001d0d102cf9061c4a SSDeep: 6:eblWuqBnFdV4mjBPb+EiS/zOW1GCLhAbk45Qii9OD6krS/x5c+3CDeLt4e:El+BnFvPFjLiCKW1lLSA2Wk+55cYCDeD |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | 354 bytes |
MD5:
c0749aa079cbc93315549a6600194491
SHA1: 5d4b42e5dbfd1760fc258a49d6c449334b7e0819 SHA256: e2de956019c1f4c179af0533349aec64f18e324af3f737e11753e9a49906f188 SSDeep: 6:wqN/FEVoWH9ofldGNGi9KTQ8zMJdIL8KIR65zw87QKzk9BRACFH3xCreUq7n:TJFEVLGldGt9KlOZKIR65lk9FFmdyn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.RYK | 28.28 KB |
MD5:
a695031aab39158d599e06d5add1bbff
SHA1: 3818bdcfae87809b07efc09650d2bbc7569177b6 SHA256: ae545b75cd932b562c9ba876d637f1652f433923761aa0d5784cee691533d15d SSDeep: 768:RczxHkex/lRAC55cYWKtvJoM8bq9OmlLK/cuBCAb3T:RclHkg9RujKlybeOgLK1w+3T |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK | 16.28 KB |
MD5:
b4513bab3d7f3184a8e1c492bcc13b98
SHA1: f6e0bd0b1612544adb60dc52bbdebb057bb9f920 SHA256: c8160f21213673ea49f3dcbdd5144a5c38a3a0c019ce8b10542b669516771a87 SSDeep: 384:0XwQM/zOkXFpIzXnodp5SRznMKbnk+0FQiVpcd6B05PfYOG:qwQMLOk1pIzXn4nS1nk+/GcdA05jG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\index.dat.RYK | 32.28 KB |
MD5:
3f00cc5cddbe4cd74267903e861be0cb
SHA1: 6c6ea60962792e808bc01c21c8b6fb6ab50c15fb SHA256: 0f1b354436b2376fc5155baaf2102bb8e57567dbd6aa792fe4ada46bcdcb4abd SSDeep: 768:JYTin82lLao0HEv1L6s6m3JlacHIUSACLzxfNpFmCZegBRjF:Js32JaDHEdLTxIUSRJFm1aBF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.wav.RYK.RYK | 354 bytes |
MD5:
8f8bc5be915caf4eae7df7621ba48b15
SHA1: d0c3fed7d3ccb9858d941d738e1acfe98e7df05d SHA256: 1bb5a691276c778a65d217cb71e5da456028d10f7c51d500e1051bf16f313f19 SSDeep: 6:Q30LOaB4lJFNTSp3WNCLxd2j1BVU7WE2PWMn/GMeBi+CJKNDzVh2FJx:Q0OaB4lJFNTuWNCLyjTVU7hZ2GMeBiT/ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | 354 bytes |
MD5:
5da8231ff87b7b933f7616557f840186
SHA1: 8888c932c75599aef7a2e6d8b04719903fb5b0ef SHA256: 45d85bc09af54075e596ee75794aa7338b04ddd72c27688a7e1c7e23ca3f641e SSDeep: 6:9eeTZS+k5pLEZ0BbMJ9uORWJY77UBH9Jlu7YAfR8BUIwKB/nMpHhh7EIZU1td4G3:9BTZ63L1B5ORrvYdJlu7BZ8b+HhhAIZO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | 354 bytes |
MD5:
324d3ac6a593c5fccdfe41b4f60f8015
SHA1: 31f8303456b1acaa48cac26a413bbfc4218c6e3f SHA256: 9df387a09bd650736e39c0c0df08e81edea9d1eb32c60aaa72f038a5302d6692 SSDeep: 6:Sifn47nJLwiy3+cA/OSXa96c6J/PIAhX883vPt1LSNwwOVMrJU7UxUd7saGjubzK:SXwipZ/OgFR/wy7ldSNVOVMtWOaOUzK |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat.RYK | 32.28 KB |
MD5:
76f408f7ad3b6aed078032327cdaf400
SHA1: fb7980996d66b2af0ecc353aca9a6660dc9aff8d SHA256: 126ce1e6aee4aeeccaae1963affc9d6e58c5cdbdf482b3fc92ec54558f87ce51 SSDeep: 768:F4wo3W8szlXETIsHhmpSqRTlPyOzlXwCX:a3W8o6PczhPyOzlXwu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat.RYK | 9.27 KB |
MD5:
eefa2852d6c0944fa47289fbb539d9f8
SHA1: 005fcb59c73f727789a58fa74e5768183f4b045e SHA256: d2f8b6402c171b81658e0bca89b19735c7cdbb9df6370765f4cc0ee7083e93e4 SSDeep: 192:1jOINkRXiPpmy0KVY/tpT5FAF3c1HJ3Ku3XqCQyXk0RjgGl1hS5R:sXixv1OvapQtKcq5yNFRS5R |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb.RYK | 1.02 MB |
MD5:
2ec7a6a13d77330a3f3f2b40c57d47fa
SHA1: 2c78682abe8b55f0b485be9407e0b6be75d145fe SHA256: 164e767aeaccd1a6fdc2de06e45b7d0d7be069b3d41ac37287d5a88b71d8d778 SSDeep: 24576:veBE6PS1ORJL/VKx7bT8etAJFX0T+ZrJQZRpdY/A3eGqVe1tUFUkX:vASORJDVKx7ceuJFX0TA1QZjdY/nA1ub |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF.RYK | 402 bytes |
MD5:
cc889449509529cafef564d420ca462e
SHA1: 8e3d8496e434fb796c876c505da2418aaf1dee16 SHA256: 6c81e0ff674dbad83050015f7df7ddbc6ee39ea1898ebac449f297625c69d333 SSDeep: 12:U/JwX3/34xSEFdyQb4XyzZkBz4GY6VAtawuUtwn:U/43wxpCQBziyuwu+w |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD.RYK | 128.28 KB |
MD5:
5611613bd3bce771d9a230931875fbf8
SHA1: 89ec7fcba739f731b04cbc36b2d8749b7b4045c0 SHA256: c4482fe595f778dd6397722f5385576aa3a2afb567b32367b19b8970d518017e SSDeep: 3072:3Ufey5g1BIbCjq0uM358/k0htQa0KSZSXqBmVEOV0NaS/T0f:kfpIImBuM3gPQaxXqB+/VWxTi |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.pat.RYK | 16.28 KB |
MD5:
b208f9c0840fc298e6388d92ba8f734e
SHA1: 6f5ba9a2615045ad2325f2e4bdbc1aef6bf0858c SHA256: 33fd5dab5f4de8685aca877da430a565631567b9cca678bd8b041789a81d16c5 SSDeep: 384:KoXoyE+pTGquMWDPdZ/x1UQ5gz6c1YnTo7BGsUKHYaGx2wl0u6H:tvrpaBlDXxazknTGGzwQ2wab |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\stationery\greenbubbles.jpg | 6.53 KB |
MD5:
20dea9cd7789e74de5f5df417c3ede6e
SHA1: e42a004fc0b3335fef6c59c7763f918ffa115053 SHA256: 62125a16a4194c3865c378315c769cc7300c7b13301fdebb180fd97662611855 SSDeep: 96:LOT8B0/NIXaSRZiCYu/V+Ffb/cZmCZlelTlejLVc6eG9Pvu6ed9lNXFZcTHQYj9g:Ln01WyCYuwpk5iCeG9P26ed9jyjF2H0G |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\edb00001.log.RYK | 2.00 MB |
MD5:
19b61f889867293ccbae7a5cdcb7559f
SHA1: e0c670c8216605aa3829aa5c5966f0121a5357db SHA256: 47f0cbc0191bba6b17bec40dea64c0c3f121b3ea4b6b062afe53105ffd6575e2 SSDeep: 49152:kkYpV1Fe0V8thGTBO+yFZoiMyx7Yutd2/3ju8O7p:kkYJeVtIrK7YufW368O7p |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg.RYK | 1.33 KB |
MD5:
e484500959ce2e190863d6758566068f
SHA1: ae071c01f11dfecf95411bbd4c39aa237a99246d SHA256: 84d673e4cd0b916dcb69e1b9df36e6bb3f810fa776c5c6ec8ef51572ad7890ca SSDeep: 24:oToafQAxlZ1pyGJRuzn4C3QxfmYYH98F12oQDVkM4rq8BNMfhfhcJ17g2UrDnPK:SxOGJJxfmYYHA1YpN8BNMJfhcHs2UPnS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.jpg.RYK | 7.61 KB |
MD5:
4026bbe42960a34885412f76600c6526
SHA1: cd233260320eebb954f88f4152e7e7d8c0aa037b SHA256: 106312137664942772c792b938c74b83e15c70a98c590a873e05d6d1f404830e SSDeep: 192:ZU7c3z5dmWRMBoWr28PSmmiM4WHw9Z0svs8XpdjwhE:W7+z5EWRuozWlmR4WHw9Zls8sE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | 930 bytes |
MD5:
dd6cd5deeea70f34e5bad60999590172
SHA1: e809750f864a69452bee8257f8c3c62870358eb8 SHA256: 713a34186fec040731a42a736f863b750f16fa113ee2d514e12b120eaa8bdb67 SSDeep: 24:WGPny7gFo3p5PX4W6IrfePERCdFpMLjQl7tLoSR8zAD:WGPy7cKf4Wpr7eF+nytLoSW6 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.jpg.RYK | 23.58 KB |
MD5:
0eb3556cd8ec0ff904dfbab462b86e31
SHA1: a7dfc285262b0f59c3615154e0260d4f0e43c1d7 SHA256: bac72c22e47390c6aa389aa0ec9a32fb2afffcddd4a074f8c51c3ae59d5a4d4f SSDeep: 384:WQFQZ44fRfDBI1pyQWo2Jy86HjALyM97RhwlcBFRkk32lbRTlhFr4qEOszFFnw6+:WKYbBxfo86HWn9pXRDGtXhV7Sh4+q |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg.RYK | 2.16 KB |
MD5:
bca9bca2852aaf179b28c20c491c86df
SHA1: eeb246c1d9aa7b85677ffbcc4ff8c536da7cadd8 SHA256: 6619a941a4a3fe55832b9dd431de3452367912681a4b2b372ed5f83bf3a93447 SSDeep: 48:vhhelWP4NvYTOhZWGsrU9wse9b31PK+BPYnWznCekVOCS/7:JhelWOYGZWNhBR30RnKnVft/7 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.jpg.RYK | 5.27 KB |
MD5:
d29e410b53d809bfe071e0dc2e774411
SHA1: f6fa8d88a0166a04e477578b0df7492cb05de900 SHA256: 317cc29f91ae6f7c3e4ef3483cd943484ae779667a58939042bd2d704069cd58 SSDeep: 96:ysikhea3dnceuwO92azBOvLO06Vq1/2sGvJfK9YeZ2dN6S18SqvMnbj8k+wdpI:ysi2xcIOcQszO032fvxKZ2nb8nvMsk+b |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\HandPrints.jpg.RYK | 4.39 KB |
MD5:
8ac2b51e341ebe7af48b2227d69fbfc3
SHA1: a12892c515d42e406567792d6d7a7fbe073ad089 SHA256: 3a4266a2742bdfd7d909a1750c6281d7affa0d845a6497202ac31a66fcbde72e SSDeep: 96:6idpsCALtwYCx70LdD5tQ0N4tGKxA9gFXcuu75h4DaZNIR3SwyD+7KKR:zwCApwzV0LnGO4tlxAqXcB7H4DVvGWR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.RYK | 6.50 KB |
MD5:
10d352ea0d81d1887ad95e1774c48fd1
SHA1: 50ada141f74d22c9f0329d1bcfd27efd23c7accb SHA256: 261f7eb30f2c9b48aed57fa270c7dbd4a8ae16bbec757113d8286ee48e8e3754 SSDeep: 96:S4V/tqe3Ys+yTToYqP8FXVj4Jai9GMCeQGGlaiMzIYXSAvL7z1TQ/yU0bDAUob0X:Z/tqe3Ys+y3o5WKh1hU0/hi0orn1bG5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.RYK | 10.60 KB |
MD5:
b8dd245c7138ff33febc96d8d5080180
SHA1: 4327fb313f2e861f978d7036e3ee39efc62d8cf9 SHA256: 43871d964fb9a8cdde3637c2b23e1e1543692d45a64a122a34d72e8513b839a5 SSDeep: 192:Rr/DYe75FQIBMSsCt/seTrkb5HwWjOUZRtapx82DYlEHM+iwNffereqDHBitnMQT:RTce+SsCtEakdHrihH82tHM+iwNffsel |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.RYK | 4.89 KB |
MD5:
93aa0814a1bb9db298609ada386e645d
SHA1: 4c62405ea11ab1e64300c5a561b9ee982ba5a979 SHA256: e6064b35adcc4d26046f25e3f0249f4161d4970943554f46d86d0f7b615546ad SSDeep: 96:V5IXXpI6I+8Kb31vC5LgqPYpTo3df3f631a6Eq3P:Vg5IoDhC1MpTo3da31IeP |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | 354 bytes |
MD5:
a5e7f3022c127075084aeb3cca262409
SHA1: f73cc3ffaf1de62174e4c0633d8d9032818601f1 SHA256: dbc986c7ebbc7b44a966500c29b4f5f0a19d5de7c62e12a83ef01de65b9170d7 SSDeep: 6:GdhlYH2AbvyS2J7gMRT0WU6EuVldRaY1dF5EbgsBX1OxB:y22AX2JkMJ0GrTdRaCdvE58B |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\index.dat.RYK | 32.28 KB |
MD5:
03b925a966753a3add33db104e69e420
SHA1: bf6058cf58b7410233e2c425293fa56eb80f4d5d SHA256: 2bfbfe88cb8fc91ff3db72793436f1e4a660e1a5a1076db43040163472f10354 SSDeep: 768:Ggn3ZlWBR0HSFQiDG8+hoajTR6qoCvN+5yazQSswV+FHuM8:GgnJlmRmS3GhoATICw5yaGwQB8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | 354 bytes |
MD5:
89dac97e1ee7bfce10f50b4eab508f1b
SHA1: bde9bff9cacc7f799b455beb5e6d5f87747cd0a4 SHA256: 0ed953377f76c316ade7ad2c1e58ded186700dbeb309da076f5182dd5093c7e8 SSDeep: 6:csa8uMhIf+ncgytALU3YbN95i4PukwnwrikDYCdivnZYCL:cs3vImcNL3YbNHukwwrP6ZYCL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore.RYK | 2.02 MB |
MD5:
e4853bb4e1571db121c0fcc345243721
SHA1: ee3ba813f2276ce62c89336c4c6d4af85af40fa2 SHA256: 0d98d9350b7a1c30c10c0e74c9ea13e34a9d6d40838486f7df6826b8b9cba941 SSDeep: 49152:voBVUVgpn59RZ6WDkd2KND6Pn+a4vAX5MyM0SIC:vw59RZ6t16n+f6GyMqC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini.RYK | 354 bytes |
MD5:
017efd3fb1de8ac4388ab0cf4978b28e
SHA1: 0a38ba24cf91736febcf46ced34ba4ef38313a3b SHA256: 790daa64035c2d08052db08f6a3f5b71f016288e5f8f603980994f085fe344ca SSDeep: 6:BuCxnYiemKxAzDU35B/uU8J2f6Q+MEu9Y+yMObnuFz2aVwXhC45iRmu:BttQxAzYfGvWgIO+yMUnS6aVwRC45Lu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini.RYK | 354 bytes |
MD5:
a0c779da5181dfb11775c6cf89eab612
SHA1: bcb0fa0baaecd6b4177241c84f79f33bc3958b5b SHA256: f510b7ff1071f884afc0edc66ed7e63f85e2986682ae7fbe4514fc53d75fe8c8 SSDeep: 6:J6B1MRVe2/byqFMOysJ+yrHJRfx3suvkM+sATqX9yNA8AuSemMVUpYFCp:J4W2UNEAHJRxBkM+sATqXI+X |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini.RYK | 354 bytes |
MD5:
e35bd10f326f4a6ded853f520fb18c52
SHA1: 018ce0e619f8305f945ea642775d722ae872beb6 SHA256: 23e88fe2a47a35248ed1d5b08deba0c6436bfa8405730e2ac4160fee81d584eb SSDeep: 6:Z7dX4gXC5pFW6bDXiXiK8LlatWaoudJP/UdBfvnSSNrnr/i3AVycG:kggp04mXGYb3/sfvSSNvi3AzG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini.RYK | 354 bytes |
MD5:
ba3bb2af4f93e2630d29db06584b373a
SHA1: 04b98c9e46698917d17fb2ec9327a9f488a9e364 SHA256: 291a1e8b5dd1d4d5880b1b0d41739af44baa29da2d05bad24e767d601bd5733f SSDeep: 6:lp1JCwJ9+nioNErHqXmjeptOqqpoJ4i5V5NoG1YcXKKQEvtA:b1T9+n2rHqWjS4qqpXY5Bn7QEv6 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\9qh4s0gz\css[2].txt | 466 bytes |
MD5:
9d71cb938c4e90926569c9c45bafd606
SHA1: f9c9674fae6920360ce60fbfc13ca010eded9765 SHA256: e23a94e5c2675c2ee8845ea0ad66092bef675bf87b19c47d0d197489da791cb7 SSDeep: 12:0k2kodMTZkWAL6tfRrw9W7991MOzsKbfu+gE5Slh:Ohd+ZwC09WhIkb0r |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\js[1].RYK | 1.22 KB |
MD5:
71d9e444d4068630fc951323a76c0a21
SHA1: 9ba3b22e97e67fe73e9c47fe59f526d28643944c SHA256: 47fe4233c5d006d7bf2ea9e933b64f7e3290e38eb8127e53d771856c2340fa44 SSDeep: 24:sHUCK0J0OWkIQQK3TsxTa+Abgiz89vSOhLMJkRi8YO2hADEGXHgYpl/nAa:uHjIPaeT8bgX9vAPQElMqa |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[3].RYK | 12.19 KB |
MD5:
0af6c132fa791e67697d5c13af701814
SHA1: 6c121efec5a6af209adbbb84ff2e02274912502a SHA256: 6649d4fc3621008873824d1928516cd52462543323e495655d3ab94fc23df022 SSDeep: 384:53xJozDj87GDpnIa0494W+7plJK/HlK30uKBPMuo0yu9n5mTcd:5Y07UpnIaSJKPlKUPMGyy5mTcd |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\abv8l7my\core[1].css | 165.10 KB |
MD5:
21c56184a69f3f942a4cade1b75c6ec5
SHA1: 2062e6f47a5f9ec32deab8e13ded9b6c17dd8d02 SHA256: f47ac69c017861c30b1476ab346fc1a59cfec7fbd4efb1918df70bf98d07cc80 SSDeep: 3072:v+KvoXdz1+IJ/nPLbygytPlHru3IhxWlkw4DHQzfI5xEYzSVb2F1ffGmiLTlQV:FvOh+a/nPygy/LRhxWlkw4bQzz7CPTia |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[2].RYK | 11.56 KB |
MD5:
10ed6becddd7a99ccf054a87c0868615
SHA1: fae1a1b5293f4b8d49d9b3dcd6693c88ea8707d8 SHA256: 8db2b84d22b3a0c282474a0cbdd2079ca29585045bd2cac7f71b9297f734ccb4 SSDeep: 192:KMGy8pPUWmYF/wxdeeuHfiW+249QLBKfRQ9AKdnRU2d4PNOjbRmMNz40UrPEU6Se:x8pMtxQeuaWS6LBURioG4PNEbpqEivqp |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\f[1].txt.RYK | 13.47 KB |
MD5:
c589b6663a80d18668636fc3eaf66f0b
SHA1: c4f14004339265cc9dff8b492bc72160c12f5af1 SHA256: 9f2af29f512a83f143ec4af285d5869a1a89fad7381f199127cac639294ea8b4 SSDeep: 192:l5XrcvvrmKmIqtDfYJGx842BtvRFxu4tjeuCEhfBbgZmID6AHJqbNxqa4q6X37:g3SKC9fYskbxuMoeLfMda9OL |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\abv8l7my\standard[1] | 85.31 KB |
MD5:
75c0f155d90c8c7d4d31aed373d3a80b
SHA1: 3dc7d7d572aa8c54c823895cf12a830263b27a74 SHA256: 50c6c503c0417f5aa91a620e23f831e8e0eeec5bb46ebc914833a083cbf365f4 SSDeep: 1536:7LlUNBH9wSWeDhQCe1q5qh6jJ8hcr2ZH3GKmEkF4TEyBHgcG7HqqOVKRn:HaNASWeD21q5qhE8WrmGKScBHfG7HqqD |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\abv8l7my\desktop.ini | 354 bytes |
MD5:
94e46a549d2301de9ae1e444a8701221
SHA1: 8d783b1c559cac18841ae366b4d07edc3178c088 SHA256: 6a71f0fda52c39aa0c76adc91c8b0b5002b8a7776f0a20a010fa7c2f4b7e1f91 SSDeep: 6:vdfznMe7cgoPTuS1kjd4hO/BC1F1TFaAqUaQoNxU+8Qxkwz5nzu:FfznfaPTusCdJ/BCP1ZaQIkykwz5nC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[4].RYK | 11.69 KB |
MD5:
f181ecbb6f0375219197e01258522349
SHA1: e39faab4209023a61da56838f1c7b05ec2bbc43e SHA256: 684086782faa2eaca74c5d1d8cc251426faa709b90f53a68ce4a52870d5e3f05 SSDeep: 192:o3QneX0W6Pd87G7zicmnGVXqnh/vuTZjrx1F7G+9DXBuGo5yriRruMQcwI:o3QneXOPd8YOHuqhHuNjF7D9zBufBUI |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[1].RYK | 11.74 KB |
MD5:
e2faefffa626121917462a1c8d0c0d39
SHA1: aa56caf2a29e65e356ebd611393f77a457ea690e SHA256: b955c28e42040370232b43df0a8cd5cdae7bbf5d43c91301f3873c6e55413082 SSDeep: 192:NmxlRDxI310OSP9FXnStG6B/PUSQtt4CGNMuxYsqu4JrrLT/9JsiMSKdxuZA:NclRWpSFFV6B/HAteMMIrHwi+SW |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini.RYK | 354 bytes |
MD5:
64daf6573e54ba509fb45813af8bab16
SHA1: a38d98bd27e9ce3c74144f2a821ea6be73998dfc SHA256: 2b44a7414b33ede141bb7f610c174632240489d71c37a20bdb6a9a382aba6173 SSDeep: 6:AwX8zO4kRJEE4JQjn1Ue/jf4peggO6JSiS1GWtRNl+sD7drkW:hXyPkRuE4eBUeLgpZSZol7dn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\js[1].RYK | 1.47 KB |
MD5:
2fc231a99ca0fadd30b7468bd77f5768
SHA1: e9738c0a3dad8c26b57e1a3e335bd8c126b599b3 SHA256: 364ed7b28db529d73f4e29dd71f4b45af53333a608d9938c8dc2c95be928a33d SSDeep: 24:88fthx9V1mqo4TxhYGzQq7eif7vF2Wgzq4E/VC7QTV1TAj/RvlgG0:88FxrogXzQq3+qpYcTV1Ullgp |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\js[2].RYK | 1.63 KB |
MD5:
05bf882767890846f6708d3c9ee6ddd2
SHA1: 628e93129c5c0de8efcf7bb2aab348e619977445 SHA256: b78d994aeed73002cd9c8d83e4fd8cc702321c096e67a9a423d39682fad736dc SSDeep: 48:G8Ik+P0Cdzd6tcTREKS3xnpaqvUNbo1a5A5:7IkXCd03tvUNbw5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\index.dat.RYK | 336.28 KB |
MD5:
1fb43130f05fe1a760e58524dbc9d3a4
SHA1: 74942eb79d5ccf5f823e74127621ae3daf456f33 SHA256: 71eecc03ec67156778a0b43d4ef8908dc69c1cae9aabe999bfdf3525d1d2a058 SSDeep: 6144:uT63bAT/BuBspxID5Z63AlA2i2oasXD8CdAf2+tqMey1awTXaNQRY2LVZu:uQ0T/BuBsTID5ZgAANasT8Cdup0MeObk |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\yg1r61z8\desktop.ini | 354 bytes |
MD5:
87853b9bbe1d3679e8d18ab99f611c00
SHA1: 199913c53e7c1db5436075da82cb2d7d5332a157 SHA256: ff291cbd2033ae7019e293d78eb1b0995a6ac3ad70419f7c2a20e974b1f3b518 SSDeep: 6:kJoztUsxDjR89fwLmMT8tkCngwqQNgmHcqMf1mzKpEAsBf4lK7Qxn8OGv:1xDjefHSnCBLcfmzKyHth7unHGv |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\js[1].RYK | 1.46 KB |
MD5:
57300a6bad1e924f86ac79ae1db73339
SHA1: db1b04d16b68a6015a3d2b5528fe4b2cd1c395f7 SHA256: d295d58039045493879a4df0b737585339c5e659d60fa5ed9b1f352604420bfc SSDeep: 24:mP4TAX14lJxjP6PHVfJ+OJl4u19TNVLz5vCFq3Se8hT0/0BXR+MF4ATPYaW4C7nh:pAlFPH2C4uHxVLtaq3B8hT3BP4ATG4uh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\v2[1].RYK | 13.06 KB |
MD5:
f1eef902b5d4b9194f3395fd7be421f2
SHA1: 70b20f2e99b77f2628c6f3c3a758550863492585 SHA256: 1ef20a5849bed202828fb52772d3d890339f6eead3f204d689d3397b159f49b6 SSDeep: 384:ZGdo6EnU0tths2gbfhBBsRQZRMCQ1lF8Y:JtW75BBsbFF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\js[2].RYK | 1.22 KB |
MD5:
6e4bd84f820df6c41c6416e9a5a2480d
SHA1: 8ea2f08d027e3c74b0cd730b6bbaa956d7bddc57 SHA256: 25d8da206c4e9081e521ec1e47b6ae48b9e2388467e81128cb741e310b9d226a SSDeep: 24:USB+l3PNW+NNIzgj3VTjBy/84QBHzJKrFOYILGG+6DK25RFo6EtJ4VB7qmpRs:vUPXzV5y/BQqrFOY6+6DK25RFo6OibRs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.RYK | 28.28 KB |
MD5:
c204567a0a0629b199c906b7537920ae
SHA1: 4221df7be141877ab44e1d439c7b73e71da00bf5 SHA256: 5b5dabbfc7ee51af6dbeb29b8f48415ab24ce0478de9e1287a52e31f1d5efc9f SSDeep: 768:O5YmOWcSOLWKA+3zoGj01mwAPJV1eFpSI62mkz:OFOvSxKzzp01m/BeFAIv |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.RYK | 28.28 KB |
MD5:
736ad57e211c9aaf750de6f7d9f95033
SHA1: 1e147fe88c9eeb63638f57ba8546e524ce7ec0eb SHA256: ca99ea9195bb23dd026b008ca5e0212c439d3d9f14517df49e2d6729967273ae SSDeep: 768:EmMm8ZQaPDLAIeI2nInjeaL3HQVNRK2cGFmg:mm8poIe2CaKhR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\11_All_Pictures.wpl.RYK | 866 bytes |
MD5:
6dd51634a938e4af711e428b9c9c3495
SHA1: fac77434dd4df678f84e0e9cd3b10d632693d464 SHA256: 5d4e6d33dccfe1e8fc53d87db394eaf7c23b18f88d8cbfcb503110c4a00922af SSDeep: 24:EaO7Wf2wZioAz8ccv+N90YXHceD3WaGWSk:EaO7WvooKpuUHnT2WSk |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\12_All_Video.wpl.RYK | 1.33 KB |
MD5:
722dfbf85f07c0d25d6de237da2a9c66
SHA1: 4f9c455203dc3107a00abafc79a4b2bc7efda5fe SHA256: 69a6f6067b549768a784641e7edb98b064576262c32fd614850a872943648003 SSDeep: 24:UvRT2qOqUrY93WPJhuXtAdXHCLJyeVAtZrkBh/kpJz7DNMd998nvn:UtWqUrYZCd3CLJyUAtZh3DNMKn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl.RYK | 866 bytes |
MD5:
5f2835ab37dbf8267e265e3cbe8938d9
SHA1: 7ab6923e727279936dc573734a6553c3d6736c6d SHA256: cfdb3d948c6acb46e5f4a1c841fdda5bb5e68ebb5ab0e4e113e99777970588fe SSDeep: 24:4sRdWPOH5gK+TGeZuM8JWWO9i+XCKJ8n+xBiFzrLLeOu0dCXHYX:4UdWtRyeZujDhONNxMxypc64X |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl.RYK | 1.33 KB |
MD5:
4b4a39371697ad52d7c6de9414d355b3
SHA1: 22553e68463ebef0102e3068e3c7916474e89d25 SHA256: 02e06db7913dd5d702f39bfad6fe0697a0498bb54814ffb8af344575305f4c58 SSDeep: 24:ILUhR8sFqNpoWdbs+5NN3rGkyiBQZ0cL2oxgMMtycmdgnFLjjHAH21o20Z3:IFfNpnZs+5NN3hCco7ayqnFzHp1o20B |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\10_All_Music.wpl.RYK | 1.31 KB |
MD5:
1e88c5091312b3b42318f63358dac0ae
SHA1: 27f2e88d421a76453b780413a6caca71db77b883 SHA256: 0f59032179183ffbdc9218cefc26f419d9e5f62ddc0fd994780c673f503be74f SSDeep: 24:9SPnHzm/Zu2kQ3dN0M/4cE+IRX30JHDoN4er9UWCkOUCWROw3SjxyWn:9SPKDkQNNr/4cEdRX3KDo/WWCfcOcSNb |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl.RYK | 1.31 KB |
MD5:
66b3de3ada6c4bd321261a21ea5c378f
SHA1: 733482f5094de7df0fe01a51a14ce619cb2ee528 SHA256: 88ad931e9a3e73f23d09ec4b2211cd4dc8351664ce85bb401dc3310a5c58cd8a SSDeep: 24:fWN8XZlWCBwk/attTYzvvHv8XhCydflwNvzqUglM44/4fetegijikIuTD0DIQZ:kOYC295SHHvLydflszoNGsBBo5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml.RYK | 2.25 KB |
MD5:
772b363fcb6d56031d5d7173eddebcad
SHA1: 3655ac53a39b1929d096da009a361c78240d5c23 SHA256: ffd6dd6cdfe32ebec9b03a880f091752a89ce89e8dbbbd87d6db816e9ed16d1d SSDeep: 48:DBhfEFjTmcmqE5gv4dHzeBdDUuXu/EQJnYvYyGMbQNZOXJ5LZC7Y:NhsFjT6g4HoDUuS5nYRIAXJ+7Y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig.RYK | 418 bytes |
MD5:
16c7eebb3f5df9e9c2a42d548785f607
SHA1: 8d4a422a4f5e329533bf0d18bf091231123bcc5f SHA256: 5a8cf142bc08e27cf0940201bdac20f6309cf36a14c0d1814d5641391a7069c7 SSDeep: 6:Ii1jNB3Ue9VUwgQq2w3A4uzMs7BZyoLlVEjnMVED6U7MTGi0LtOMyazWk8weEBCO:JB3VVUL0w3D8ygSMV8slMyaPHbH |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount | 1.75 KB |
MD5:
1a1e28d2843697f7759e069f92baffb9
SHA1: 74369a12bf8bc8cb4544a6a729131b4df7e62ea2 SHA256: 757d4da9f5d5b9023bf1e4c831cae1fa4fa4139ae3ed24c0e4f10ff907706921 SSDeep: 24:7zXjYknaMcAJk6k52H1Vwz85nUmKIGNrw+cg3NN96+Iakx/QYmiod4V:7HY8zh+2H1KGUmKIerw5gdN964V9td4V |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount | 962 bytes |
MD5:
3bf08fda2ae4d9405095355dd8e4a0e0
SHA1: d6ffaf5cb241c18b9401104cf2f60695af2155fb SHA256: 5aa9dcd9787ccb1b1aba87c24731d3203a48089c3a7db12252f8396e7b8c95ca SSDeep: 24:OT94uKkyU0Qo6+RumueHhpJbxoVYMcxu4X6uD:OT94mo6+weFxIrequD |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount | 1.97 KB |
MD5:
f1ed512bc48db3421cca486689c4af79
SHA1: 85b0f1ea36e108f83fe4342a807124506c87b941 SHA256: cb4796ec88f55feca8fbd5ef203c312f4db5203dc470f48930618d9d43d58671 SSDeep: 48:ItZYliFzNmzBVgW4Q9M1rUeXxX5WtgQC13peYhSHW:IyiFz4BiW4Q9tOP7peY8W |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStoreMusic.wpl.RYK.RYK | 2.02 MB |
MD5:
87c6722ddc726fe80446d0fc4c0abf9f
SHA1: 8f5da038f94dde1c3b57df55147d6b142db81599 SHA256: 54f45cdb513da4baa2e015c9785eb6f0f734e5076cc433d8a2b7408a7ecfc5e4 SSDeep: 49152:4dpIbxXW4RxWptIRH0XLi+h5QndxYMd0l7KTZXyYMEFTlSbMIhuw:4dpItNQwU2+hmn7q0tyU6bzuw |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.inideo.wpl.RYK.RYK | 354 bytes |
MD5:
eda42d86af495ea8334cafe549ab4851
SHA1: 7c15db8243ea9cb787ce055110c944987e72e2fd SHA256: 0803f99f38a42283d4f5f15ecc9d942590503ff650d59727ff348dd083d45a72 SSDeep: 6:vT15cEAjQ/faDUL8COsCCCx5cktcNHtYKUU5IjG0V8ANp+xLYM:vh5cEAIYsCCCptcVtFUJlE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini.RYK | 354 bytes |
MD5:
297738bb4c48f02f2f8b357aa0bf8179
SHA1: f449b3d23aed7f05c9f7093428d538cab706a094 SHA256: 8837b5246123bf429c434ed04c9f9a52fad7fd911e7c5848f789b3734b44b9a3 SSDeep: 6:LwjH2nl3ax5AsknmCpqo/VMD2LlszeOXfM7Wr2zzLM0GVdAw7k7uRqEeTPN:Lwz2awsumCkoSqLOZ07WqznM04Y73N |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.inideo.wpl.RYK.RYK | 354 bytes |
MD5:
d8376ac62fe4641be926b318e7f38829
SHA1: 3bbb79787c10d64d12bbde95c45904bfd8b5d848 SHA256: 4fed3e425e1b6c2cb316230e7d52f0106e8807ddfdb7fda11fb3f820e294a3a8 SSDeep: 6:y+S9QDQ0gHhTSghNXEa5k0exdmpPaDWvW3chQUq80gJKdhNcBUuDRhT/uJ70lFn:yJ9Q83HhTSkFEa5k0ex8oPG7JvyhNcBn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\meversion[1].RYK | 4.66 KB |
MD5:
7ef123112b8fea5d69ec6a1cf1182aa0
SHA1: 0553c34abb70a09b0c6a7c4780234bf301e89b9a SHA256: 46dbe0b641dabc80286371ca3c11aa09337c2340344d5ae5785216d3ca984967 SSDeep: 96:t2lkwWaYZVFjjfdimd6SUx3P+mRHXhTg/hgr9Z0w7RrqjuA7A:tikw6bPbUhLHXhTKCZZ0fjuA7A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.initaEvents.RYK.RYK | 354 bytes |
MD5:
34294a3af7ed9908e07d206b2d65f8b3
SHA1: e3949e4fe5e40c1fadb720ff52a7e01b8dc13b8c SHA256: df2d6d16a92547e945091373dfac572a03a15e4abe057942960e6455360367da SSDeep: 6:h1bar5fYaLjhn+KQc3CDIkuttD5a2SKNqr1+FvFAOcHcb+rvPNYvie9:hIYaULGIkEsFlnyzFne9 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\28-8f3193-f30905ea[1].RYK | 231.60 KB |
MD5:
dc2cfd907f8c3e70e23c0e3b55043637
SHA1: f6ae405d8316d8be0437c12df87b85eae382ff0f SHA256: f4be7dc0a11b276310e18b8e22edba6e10e3b6a9b008940d1124e741fcf6d796 SSDeep: 3072:ICDiDEh+bi+S/uHfn1zH8/n7NoSHsrvY8pPxliE6FGbUPjUAIp+PaXsPT7iB0yoY:bR+S/g17KNBsrxtx/aXj0+SX2yo2G/e |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\ie8[1].txt.RYK | 386 bytes |
MD5:
6d41d34dde98521aeaf0eb96605e1f61
SHA1: 3eba48f722e6fa58cf1734129b9878e5c6f6a627 SHA256: fd616e33d5ff87982397d2f5ab5e86fde69a0be49b7449a0958905eadc8800e1 SSDeep: 12:NrOYKaZF3bJPWpdzep7sxVt9/bhFSRr90:NrxZF3bJupdzeexVz/b2rO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA42EP9[1].png.RYK | 738 bytes |
MD5:
d74d6c165aed7567ffbbc45d7caee632
SHA1: 86fafee6e1f0d85e5ea710e1f7b3f9cc84cfd4c3 SHA256: 6c627a894dfbf2d2dd1f10386a55faa33baa4072ed296d52367fb15a6f8b4e5c SSDeep: 12:ttu200ccmnDN7WRku1MOe2SZAIiusuckRvvoaqYvlgwSaCKHnYvYdhERC3Pzy+:20c/Wf19e/Riu3YWqsCKYvCk2Pzx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BB6Ma4a[1].png.RYK | 674 bytes |
MD5:
7a0e97fc9b75008b23eb4c9ed4b20d62
SHA1: da3d3a9e9389162bb06e1bd74d7235adc9a4ebef SHA256: c8d85229f29ca34d3880d5bf3ba63c3822860f0ad28b0ec924d2eb6e34b36af5 SSDeep: 12:ptjFoK/QDft/rwrGwfw3A1utkJ0NYPUTwC4AQjuAGiZH14eI3DyrJxA1WAOhzMB9:pRR4/rwinw1FJxgwH7juwH14eUDyrsxv |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA3vOVA[1].png.RYK | 930 bytes |
MD5:
9321d6d5807c8b43b6a908fcb89b4a7f
SHA1: c6d83905dfc9c887aeaac28a11eb29d437a1e7ed SHA256: 40421cd5ec0dd27d0e04b39942508a3a6bd2260c9660b831a5694b819f48b7bf SSDeep: 12:fsf/85NF+ln1vxOJmA/aGiUVWRrNzaTu45vlFDQWDsCLbyyv7KekRuvFWDoqUV2:SOXC1tGuBaTuQ9GEsCLbyyv7wuvk1 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBC0rDa[2].jpg.RYK | 2.27 KB |
MD5:
93be5c207c34c1866713a1ffb97c8938
SHA1: a38b60a88f8db63c565b20231c5ef35ebaaea25c SHA256: e732abb0863505dafa9029bcbf4ea9a0c554be636fa915a60e920011a4afc277 SSDeep: 48:oKVyzjEiWofvdPsD2gQra3n3V/Wzcxc5i0NaVgFyFpVeGX:9VyzjvWAvd+2gQraWgS80N8JeI |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBDRbsH[1].jpg.RYK | 2.33 KB |
MD5:
1d63135c33e99402e10684e9686df65a
SHA1: 375f6c00f5e6f9dd5b880b51cb850a84f66c6e3b SHA256: d060b7c232ae90c559f465f8ced1b613ac2942ce95b08a11ec97dd8be2ff3613 SSDeep: 48:+sdRvggEdl/4280QuJmERAeOxb0Z+H3Bz5O47KXy6Ea6sU1dBrbgAUDC5:+Uvg9XQ2828ERjOxHNUy6E9sKRUU |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBVGsM[1].jpg.RYK | 7.88 KB |
MD5:
32c465420cf6c64f76af4ccca55c16b7
SHA1: 82513f6fc854b6458ec41ead2f1187384057b31b SHA256: 4fea8219de0fcff855e034b2e40a030c83f27ff29f048eed4c329845642fc796 SSDeep: 192:ALVxxrclTb+C0eTIC8MVt2coUm5t1sgvkWDXmc+Cu5+:ALVjyeHeTOMicoB5jiWNTs+ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBC0rDa[1].jpg.RYK | 6.41 KB |
MD5:
c9bbdb086355f577fddce4e19ae00113
SHA1: f7d8475a65cc5167efdf13929ee7270db31f56d4 SHA256: 513a0e20e90494d44a94355ea1335d424626dc3b304c7307b55a4510df4659fc SSDeep: 96:abjuMbhseEZmXFU6EOr0fAk3rWGhUVzgVaud4VbsB/0uQuv4:KiHe0uFjEa04IhUZ6OVe/0A4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BB1CcOi[1].png.RYK | 754 bytes |
MD5:
40e6ac20376319bbbe116b61d0421930
SHA1: 5e3dc0532d7570073c3386a71f36a811e8e9209b SHA256: 51b3d7ac09c057c49a8feb2d87a284c29a2967cbd30e51095d55a1d03cbd81c6 SSDeep: 12:07Ki/OKDrF7+9nA5EkqHpzGhZ2AOadyF2S5nZZBPCYtHx0zxyXm3cnsVQAHu7MC6:0eiRBOA63qhZ2ArdyF/tbtHsy4+uWMTf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdqEy[1].jpg.RYK | 1.92 KB |
MD5:
7bd4d4b211ad53c0f035968b059a2a5c
SHA1: b6834aaac7ebf01f206e924ed029afe075cd5fc6 SHA256: 619ae649e2dce70e518ca0c515841de235c53b000216afa0a5e137d5d0c71419 SSDeep: 48:juMxL7dNfExS5oxeUKV9F00ZahB5mhHQ9Oz6tV8Y1dRgL:6MxL7dNsxSOx9k00ZahB5mJJ+taY1dRa |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdtWw[1].jpg.RYK | 1.99 KB |
MD5:
e2880400ddbffff2895402aa9412e311
SHA1: 454f4ade857b4be1a89b0ad96047772a20eae702 SHA256: f9789808389928e4d724261e4bb408e88f4809d205daa8c25adbb9ee98247dc3 SSDeep: 48:NaJ2iruCFSi6B05VQhY3WyJ1Yik/eagfpPCJ3eYv0:8MiruCFSi6BCW7a1Y23MJ30 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdoQv[1].jpg.RYK | 2.64 KB |
MD5:
ec3fd9b073a552b57f61d8b833ec25a7
SHA1: efd55e14b24420ae120e664f0b54211823dcb0e4 SHA256: f21eeecaf93e1c42813d8cc05d5a686864b9af05c62303a4d88263e3aee6c611 SSDeep: 48:AmG8uOMnkIbKV/e2y8qf87sswvEoabh5dhIMcWPqH0GX2FYoZVqWVaCq:AWIs/I3f87ssruRWCH0pYoZVqWjq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA3e3XC[2].png.RYK | 594 bytes |
MD5:
6b1979e0911e631359d25bd406fdc31e
SHA1: c4a7f8c4e24475600a84df402b2783282b446b69 SHA256: 98fa3f1dc4d4ef42824addbdcd45b6b726aff6aaf1bf6bfbf16297036a51460c SSDeep: 12:04zB5w0D8ehUZuNFjYkGJEtlYDoicPh7xcWYb1KvJRpgKP:5B5BtBZoJKlYEi+JCWgGJXgKP |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBC0mlu[1].jpg.RYK | 1.56 KB |
MD5:
5eca9e3a99cb42b0e9f9810c80654539
SHA1: 9ae401d7d7b37e3a6bd7321f182b11d9ba8d50bf SHA256: 8e72f04a740ddcdfea946a10f8871a9221303fda4af6b60c9dae40fb97d18b8e SSDeep: 24:xru9vh2wF0q47cMo+lXBR0iHx4ET7LmK2EfCV0gaSMtX/gRlgNF8FF5LqWLqt:xs5Yq1MPHx4ET+Kz754jvnLqt |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBzxW1[1].jpg.RYK | 9.46 KB |
MD5:
83322ec6064740bb55a62d1f48556331
SHA1: ea1f3d02bde2644b9cbec355b9ce53c3be0c6c93 SHA256: 2b1a60c9bccaecb0f8e7a55f71c0309d8ac36ac0bbb12957818110fb70d76a6a SSDeep: 192:e2bJVggsZ2YLMF5/Y9winsnM2kB3TaJjyaTEYSrGbSDumj2:9bf6Z2YLig9LnsexatEY0uk2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\print[1].txtHEV1.DAT.RYK.RYK | 450 bytes |
MD5:
3b7e11b7dedbcdadfde78d028a1ed6b7
SHA1: b117bd96e50bb670a98b5925635640f939a0c06d SHA256: 5b69a6ca520565380eaebae9356aa8a0682301581a1cb3d3e102311d56b68bfd SSDeep: 12:X9tg3rh08qStujUPvWSaCHv5rMQGiIOkSX4U/qngo0K2:HC08/+SaCHv5rM+kViN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\th[1].jpg].jpg.RYK.RYK | 2.55 KB |
MD5:
1edd0739252fcbcadf3804d74347800c
SHA1: 4a628a49d26a9820efe21194ce32176efbe4344e SHA256: 63c39146f32f68589e76070015230a518609307c8377280cc665ec14539e44cc SSDeep: 48:FZLFIkP+8yKBigEWrJjwlnNAOG+2BmXHp7Log2Fnygo0x1gyi+ngM9004TN:FZxIkP+8yCj8+OBqmXp7LT0QyXgM9Po |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.inijpg.RYK.RYK | 354 bytes |
MD5:
f4012ca01e35fb22e97820909de114a6
SHA1: 879c9b10f4440951bbddf6930b473735a05622ef SHA256: 3550f753c5b08bc8d6bbd02794df35c04babcf7eb592a66d931de3eb38df9697 SSDeep: 6:D8nXgOfY7QIaFNam7IkHwdOn2P8AYoKZeoQiCEY1A8ox5ailxda80:DMgOYQIaym7RhnQosEY1A8clS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\adfscript[1]ng.RYK.RYK | 10.39 KB |
MD5:
4bb66762c344d7e8b943f06dd072ebd9
SHA1: e2e4dbc17c1e2de5e49f530e3fbb8b8fe2529ea7 SHA256: 638063a677aa88766d5645732cd8ac63faa3d7d5efb1bd6010c3a7c30993101f SSDeep: 192:cfdB+qI8R8vJHAAKoOR/XpLffPJykinUNu71EZJxQfj8qSw:MfPeR295HPJyeNu714YdSw |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\adfserve[1]png.RYK.RYK | 4.05 KB |
MD5:
b7a92f95ee17cc759260f5c92426dbe2
SHA1: 5b75e69477d44bbe5dede384ae1f949b4f9a3773 SHA256: d48b98ccb859102eea92cb7659596b94a84596c6cd5da324e79febc06c70090a SSDeep: 96:/sx02/Chs/mHBWsjtGK7QQAKY7KiMkNEoquAWR:/M02/ChsGBmMQQFMACxquAWR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\css[1].txt.RYK | 154.71 KB |
MD5:
c01c8dbc8faddf7d5c35f9b18a26e6ff
SHA1: 3a5786537b4fc813eb58b979c2fb47d3874a0571 SHA256: 055b836090593da42197702a9f170fc447f4107902dcf6a67ecabd2a1fa491a0 SSDeep: 3072:Dt3vG0LSlJ3x46RJknbnpW4/6suYbJnHjZCr2PQ2u60vbmjS5whtp9:BG0LyJ3x4gGP/xuYbJnHjMr2NAbQh5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adfscript[1]pg.RYK.RYK | 10.39 KB |
MD5:
9ad652de43ddec72bcb1ab91db0a9533
SHA1: 57a8e314258d5de03cb538300c9f3f574ec79637 SHA256: 070aa358a87001e9269f7bb7ee5ad536fa04a77a1c1cd02e88bf50745f465bfe SSDeep: 192:hOO3mIjczc0W++4JLVtE580MVZIYuiZ+AyKK0Crm5MOZnV:hF3mIS3LPeCIYN3lKEJZnV |
|
|
Host Behavior
File (6320)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
24 | |
| Create | C:\Boot\cs-CZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\da-DK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\de-DE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\el-GR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-ES\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fi-FI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-FR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hu-HU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\it-IT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ja-JP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ko-KR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nb-NO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nl-NL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pl-PL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-BR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-PT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ru-RU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sv-SE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\tr-TR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-CN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-HK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-TW\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Config.Msi\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
12 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019051420190515\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
11 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IME12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP8_1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP9_0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-a7SmuxhmwT.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1q_7S _sJf7Tgt_vFyHJ.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2Ise-Ppyw83fH2.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\38RWDVPqFt.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3j8x0.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6KsdAPr-AQyrne7e.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8Vk8gt GR.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aImHx4A_fCPTlscU1db.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bamyKU.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\d5RHPi.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Dxiox.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EAVX9vRcQnt.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Egfaspk KdC.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FFXb5Q.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FzyP0ete9V.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\g8Rbj.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\GFXDbgy2_p.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\GiI5169L DkXv.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\hA1ampWxCrELO.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\IrsixE.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JYIc.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\poiRR3VU0BNb4H.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Pt6EdEMYkXGVOlL.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pzZGoFZ cjbZITKhSi.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Q3n_NxKh6qQDrqPXiJ.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Qt84e7C8eLCYfMRCQN.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qY5jARVmFjOrGj.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RWi77TEZNRMGP1 8C-Y.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\t3oT7y2.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tSQTBue_nr0Cv7YAUz.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\U16SMX eax3bc.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\uVMZVeP-wve9.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xSxhLvKszJn.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_8Uk6OzF5I.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_9vOSCvIM6yj_Fag.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Publisher\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TaskSchedulerConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
12 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn2\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Themes\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.pat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1q_7S _sJf7Tgt_vFyHJ.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bamyKU.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aImHx4A_fCPTlscU1db.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-a7SmuxhmwT.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8Vk8gt GR.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6KsdAPr-AQyrne7e.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3j8x0.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\38RWDVPqFt.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2Ise-Ppyw83fH2.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.MSO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.Word\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Qt84e7C8eLCYfMRCQN.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Pt6EdEMYkXGVOlL.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\poiRR3VU0BNb4H.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\IrsixE.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\GFXDbgy2_p.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Egfaspk KdC.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\d5RHPi.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019051420190515\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Dxiox.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qY5jARVmFjOrGj.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Q3n_NxKh6qQDrqPXiJ.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pzZGoFZ cjbZITKhSi.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\hA1ampWxCrELO.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\GiI5169L DkXv.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FzyP0ete9V.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EAVX9vRcQnt.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\uVMZVeP-wve9.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\U16SMX eax3bc.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tSQTBue_nr0Cv7YAUz.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RWi77TEZNRMGP1 8C-Y.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_9vOSCvIM6yj_Fag.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_8Uk6OzF5I.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xSxhLvKszJn.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\t3oT7y2.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FFXb5Q.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\g8Rbj.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JYIc.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\fwlink[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\fwlink[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\ieonline.microsoft[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
10 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\fwlink[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\fwlink[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IME12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP8_1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP9_0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\3LKBQZJ3\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\8NES5H33\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\FKLUIDU0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\OWLVMZRC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Publisher\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TaskSchedulerConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
11 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn2\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012019051420190515\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Themes\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\edb00001.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.pat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Green Bubbles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Hand Prints.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\HandPrints.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Orange Circles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Shades of Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Soft Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\SoftBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.pat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Gadgets\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\t3oT7y2.gif.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.DTD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-a7SmuxhmwT.doc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1q_7S _sJf7Tgt_vFyHJ.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2Ise-Ppyw83fH2.gif.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\38RWDVPqFt.flv.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\3j8x0.mp4.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6KsdAPr-AQyrne7e.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8Vk8gt GR.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Settings.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aImHx4A_fCPTlscU1db.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bamyKU.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\d5RHPi.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Dxiox.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EAVX9vRcQnt.swf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Egfaspk KdC.doc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FFXb5Q.flv.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FzyP0ete9V.gif.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\g8Rbj.ppt.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\GFXDbgy2_p.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\GiI5169L DkXv.gif.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\hA1ampWxCrELO.wav.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RWi77TEZNRMGP1 8C-Y.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qY5jARVmFjOrGj.xls.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Qt84e7C8eLCYfMRCQN.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Q3n_NxKh6qQDrqPXiJ.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pzZGoFZ cjbZITKhSi.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Pt6EdEMYkXGVOlL.wav.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\poiRR3VU0BNb4H.mp4.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JYIc.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\IrsixE.wav.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_9vOSCvIM6yj_Fag.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\tSQTBue_nr0Cv7YAUz.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\U16SMX eax3bc.ots.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\uVMZVeP-wve9.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xSxhLvKszJn.png.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_8Uk6OzF5I.wav.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.MSO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.Word\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\AntiPhishing\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\C\Users\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019051420190515\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
17 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019051420190515\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IME12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP8_1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP9_0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\3LKBQZJ3\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\8NES5H33\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\FKLUIDU0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\ieonline.microsoft[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\OWLVMZRC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\8NES5H33\get.adobe[1].xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\01_Music_auto_rated_at_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\02_Music_added_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\03_Music_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\04_Music_played_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\05_Pictures_taken_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\06_Pictures_rated_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\07_TV_recorded_in_the_last_week.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\08_Video_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\09_Music_played_the_most.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\10_All_Music.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\11_All_Pictures.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\12_All_Video.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\01_Music_auto_rated_at_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\02_Music_added_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\03_Music_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\04_Music_played_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\05_Pictures_taken_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\06_Pictures_rated_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\07_TV_recorded_in_the_last_week.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\08_Video_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\09_Music_played_the_most.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Publisher\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TaskSchedulerConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
11 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn2\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012019051420190515\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.MSO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.Word\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Virtualized\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Virtualized\C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Themes\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 645, size_out = 645 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.wav.RYK.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 656 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | size = 627 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 627 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | size = 627 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 627 |
|
1 | |
|
For performance reasons, the remaining 3859 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (588)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | taskkill | show_window = SW_HIDE |
|
1 | |
| Create | net | show_window = SW_HIDE |
|
1 | |
| Create | net | show_window = SW_HIDE |
|
10 | |
| Enumerate Processes | - | - |
|
499 | |
| Enumerate Processes | - | - |
|
11 | |
| Open | System | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\audiodg.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\weekends.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\common files\divisions-threshold-gibraltar.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows defender\cingular.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\msbuild\expires bahamas juice.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows defender\fpresellerfunction.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\mozilla maintenance service\violations_accompanying_show.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\common files\immigration.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows portable devices\dumb_si.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows media player\mentioned-de-fc.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows portable devices\portsmouth.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows media player\guy coffee glenn.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\argued.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\common files\neil_cheese_modern.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\internet explorer\tribal_dutch.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows journal\centres_guys_ja.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\mayor.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\java\budget nelson pantyhose.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\reference assemblies\fence.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\mozilla firefox\forest.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\weekends.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\common files\divisions-threshold-gibraltar.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows defender\cingular.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\msbuild\expires bahamas juice.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows defender\fpresellerfunction.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\mozilla maintenance service\violations_accompanying_show.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\common files\immigration.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows portable devices\dumb_si.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows media player\mentioned-de-fc.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows portable devices\portsmouth.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows media player\guy coffee glenn.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\argued.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\common files\neil_cheese_modern.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\internet explorer\tribal_dutch.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows journal\centres_guys_ja.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\mayor.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\java\budget nelson pantyhose.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\reference assemblies\fence.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\mozilla firefox\forest.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 |
Thread (22)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | c:\windows\system32\dwm.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\taskhost.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\taskeng.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\microsoft office\weekends.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\common files\divisions-threshold-gibraltar.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\windows defender\cingular.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\msbuild\expires bahamas juice.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\windows defender\fpresellerfunction.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\mozilla maintenance service\violations_accompanying_show.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\common files\immigration.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\windows portable devices\dumb_si.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\windows media player\mentioned-de-fc.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\windows portable devices\portsmouth.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\windows media player\guy coffee glenn.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\windows photo viewer\argued.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\common files\neil_cheese_modern.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\internet explorer\tribal_dutch.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\windows journal\centres_guys_ja.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\reference assemblies\mayor.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\java\budget nelson pantyhose.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\reference assemblies\fence.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files (x86)\mozilla firefox\forest.exe | proc_address = 0x30001982, proc_parameter = 805306368, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
Memory (47)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | c:\windows\system32\dwm.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\windows\system32\taskhost.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\windows\system32\taskeng.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files\microsoft office\weekends.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\common files\divisions-threshold-gibraltar.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\windows defender\cingular.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\msbuild\expires bahamas juice.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files\windows defender\fpresellerfunction.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\mozilla maintenance service\violations_accompanying_show.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files\common files\immigration.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files\windows portable devices\dumb_si.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files\windows media player\mentioned-de-fc.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\windows portable devices\portsmouth.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\windows media player\guy coffee glenn.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\windows photo viewer\argued.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\common files\neil_cheese_modern.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files\internet explorer\tribal_dutch.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files\windows journal\centres_guys_ja.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\reference assemblies\mayor.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\java\budget nelson pantyhose.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files\reference assemblies\fence.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Allocate | c:\program files (x86)\mozilla firefox\forest.exe | address = 805306368, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2936832 |
|
1 | |
| Free | c:\windows\system32\dwm.exe | address = 805306368, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | c:\windows\system32\taskhost.exe | address = 805306368, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Free | c:\windows\system32\taskeng.exe | address = 805306368, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Write | c:\windows\system32\dwm.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\windows\system32\taskhost.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\windows\system32\taskeng.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files\microsoft office\weekends.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\common files\divisions-threshold-gibraltar.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\windows defender\cingular.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\msbuild\expires bahamas juice.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files\windows defender\fpresellerfunction.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\mozilla maintenance service\violations_accompanying_show.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files\common files\immigration.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files\windows portable devices\dumb_si.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files\windows media player\mentioned-de-fc.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\windows portable devices\portsmouth.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\windows media player\guy coffee glenn.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\windows photo viewer\argued.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\common files\neil_cheese_modern.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files\internet explorer\tribal_dutch.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files\windows journal\centres_guys_ja.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\reference assemblies\mayor.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\java\budget nelson pantyhose.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files\reference assemblies\fence.exe | address = 0x30000000, size = 2936832 |
|
1 | |
| Write | c:\program files (x86)\mozilla firefox\forest.exe | address = 0x30000000, size = 2936832 |
|
1 |
Module (129)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x74650000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
4 | |
| Load | kernel32 | base_address = 0x0 |
|
2 | |
| Load | kernel32 | base_address = 0x76c20000 |
|
2 | |
| Load | advapi32 | base_address = 0x0 |
|
1 | |
| Load | advapi32 | base_address = 0x74d40000 |
|
1 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
2 | |
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | base_address = 0x30000000 |
|
22 | |
| Get Filename | api-ms-win-core-localization-l1-2-1 | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_00270000.mem.exe, size = 260 |
|
2 | |
| Get Filename | api-ms-win-core-localization-l1-2-1 | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_00270000.mem.exe, size = 100 |
|
1 | |
| Get Address | c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll | function = InitializeCriticalSectionEx, address_out = 0x0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x76c34f2b |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x76c34208 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EventRegister, address_out = 0x7716f6ba |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EventSetInformation, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x76c31252 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringEx, address_out = 0x76cb47f1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\oleacc.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\oleacc.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\oleacc.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
Service (30)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (52)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
2 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
22 | |
| Sleep | duration = 150 milliseconds (0.150 seconds) |
|
11 | |
| Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
10 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-13 19:46:01 (UTC) |
|
1 | |
| Get Time | type = Performance Ctr, time = 16307919832 |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
2 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #2: dwm.exe
0
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\dwm.exe |
| Command Line | "C:\Windows\system32\Dwm.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:52, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:13 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x448 |
| Parent PID | 0x334 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
978
0x
5E8
0x
464
0x
458
0x
44C
0x
12A0
0x
12B8
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 |
Process #3: taskhost.exe
0
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\taskhost.exe |
| Command Line | "taskhost.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:55, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:10 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4ac |
| Parent PID | 0x1cc (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
964
0x
7F4
0x
79C
0x
784
0x
77C
0x
778
0x
770
0x
4FC
0x
4E0
0x
4C4
0x
4B0
0x
BD4
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 |
Process #4: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | "C:\Windows\System32\taskkill.exe" /IM divisions-threshold-gibraltar.exe /F |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:11 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa68 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A6C
0x
B0C
0x
B18
0x
B1C
0x
B20
|
Process #5: taskeng.exe
0
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\taskeng.exe |
| Command Line | taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1] |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:56, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:09 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x50c |
| Parent PID | 0x36c (Unknown) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
974
0x
440
0x
578
0x
574
0x
520
0x
514
0x
510
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 |
Process #6: net.exe
0
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:01:11, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa80 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A84
|
Process #7: net.exe
0
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa9c |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AA0
|
Process #8: weekends.exe
86
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\program files\microsoft office\weekends.exe |
| Command Line | "C:\Program Files\Microsoft Office\weekends.exe" |
| Initial Working Directory | C:\Program Files\Microsoft Office\ |
| Monitor | Start Time: 00:00:56, Reason: Injection |
| Unmonitor | End Time: 00:01:12, Reason: Crashed |
| Monitor Duration | 00:00:16 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x604 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
950
0x
618
0x
AB8
0x
B6C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x30000000 | 0x302CCFFF | First Execution | - | 32-bit | 0x30008D3F, 0x30009855, ... |
|
|
|
| weekends.exe | 0x00E90000 | 0x00EA5FFF | Relevant Image | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 |
Process #9: divisions-threshold-gibraltar.exe
82
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\program files (x86)\common files\divisions-threshold-gibraltar.exe |
| Command Line | "C:\Program Files (x86)\Common Files\divisions-threshold-gibraltar.exe" |
| Initial Working Directory | C:\Program Files (x86)\Common Files\ |
| Monitor | Start Time: 00:00:57, Reason: Injection |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x328 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
94C
0x
344
0x
ABC
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| divisions-threshold-gibraltar.exe | 0x00FC0000 | 0x00FD5FFF | Relevant Image | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (1)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 |
Process #10: cingular.exe
98
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\program files (x86)\windows defender\cingular.exe |
| Command Line | "C:\Program Files (x86)\Windows Defender\cingular.exe" |
| Initial Working Directory | C:\Program Files (x86)\Windows Defender\ |
| Monitor | Start Time: 00:00:58, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:07 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x248 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
948
0x
590
0x
AC0
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
6 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
6 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
6 |
Process #11: expires bahamas juice.exe
98
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\program files (x86)\msbuild\expires bahamas juice.exe |
| Command Line | "C:\Program Files (x86)\MSBuild\expires bahamas juice.exe" |
| Initial Working Directory | C:\Program Files (x86)\MSBuild\ |
| Monitor | Start Time: 00:00:58, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:06 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2c8 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
944
0x
210
0x
AF8
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| expires bahamas juice.exe | 0x00EE0000 | 0x00EF5FFF | Relevant Image | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
6 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
6 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
6 |
Process #12: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xae4 |
| Parent PID | 0xa9c (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AE8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74410000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0x80000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:46:11 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 120682 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17958329908 |
|
1 |
Process #13: net1.exe
50
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:11, Reason: Self Terminated |
| Monitor Duration | 00:00:12 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaec |
| Parent PID | 0xa80 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AF0
|
Host Behavior
File (32)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
15 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 169 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
7 | |
| Write | STD_OUTPUT_HANDLE | size = 16 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 37 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 1 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 53 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 54 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 70 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74410000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0x80000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (10)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
3 | |
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
2 | |
| Get Time | type = System Time, time = 2019-05-13 19:46:11 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 120697 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17958527287 |
|
1 |
Process #14: fpresellerfunction.exe
98
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\program files\windows defender\fpresellerfunction.exe |
| Command Line | "C:\Program Files\Windows Defender\fpresellerfunction.exe" |
| Initial Working Directory | C:\Program Files\Windows Defender\ |
| Monitor | Start Time: 00:00:59, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:05 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x310 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
940
0x
178
0x
B10
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| fpresellerfunction.exe | 0x00C70000 | 0x00C85FFF | Relevant Image | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
6 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
6 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
6 |
Process #16: violations_accompanying_show.exe
2436
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\program files (x86)\mozilla maintenance service\violations_accompanying_show.exe |
| Command Line | "C:\Program Files (x86)\Mozilla Maintenance Service\violations_accompanying_show.exe" |
| Initial Working Directory | C:\Program Files (x86)\Mozilla Maintenance Service\ |
| Monitor | Start Time: 00:01:04, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:01 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x15c |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
93C
0x
314
0x
B24
0x
1468
0x
16B0
0x
16BC
0x
16F0
0x
16F4
0x
16F8
0x
171C
0x
1720
0x
1724
0x
1728
0x
172C
0x
1730
0x
1734
0x
1764
0x
1768
0x
176C
0x
1770
0x
1798
0x
179C
0x
17A0
0x
182C
0x
1830
0x
1834
0x
1838
0x
183C
0x
1840
0x
1844
0x
1848
0x
184C
0x
1850
0x
1854
0x
1858
0x
185C
0x
1860
0x
1864
0x
1868
0x
186C
0x
1870
0x
1878
0x
187C
0x
1880
0x
1884
0x
1888
0x
188C
0x
1890
0x
1894
0x
1898
0x
189C
0x
18D8
0x
18DC
0x
18E0
0x
18E4
0x
192C
0x
1930
0x
1934
0x
1938
0x
193C
0x
1940
0x
1944
0x
1948
0x
194C
0x
1950
0x
1954
0x
1958
0x
195C
0x
1960
0x
1964
0x
1968
0x
196C
0x
1970
0x
1974
0x
1978
0x
197C
0x
1980
0x
1984
0x
19AC
0x
19B0
0x
19B4
0x
19B8
0x
19BC
0x
19C0
0x
19C4
0x
19C8
0x
19FC
0x
1A00
0x
1A04
0x
1A08
0x
1A0C
0x
1A10
0x
1A14
0x
1A18
0x
1A1C
0x
1A20
0x
1A24
0x
1A5C
0x
1A60
0x
1A64
0x
1A68
0x
1A6C
0x
1A70
0x
1A74
0x
1A78
0x
1A7C
0x
1A80
0x
1A84
0x
1A88
0x
1A8C
0x
1ABC
0x
1AC0
0x
1AC4
0x
1AC8
0x
1ACC
0x
1AD0
0x
1B5C
0x
1B60
0x
1B64
0x
1B68
0x
1C9C
0x
1CA0
0x
1CA4
0x
1CA8
0x
1CAC
0x
1CB0
0x
1CB4
0x
1CB8
0x
1CBC
0x
1CDC
0x
1D00
0x
1D04
0x
1D08
0x
1D0C
0x
1D10
0x
1D14
0x
1D18
0x
1D1C
0x
1D20
0x
1D24
0x
1D54
0x
1D58
0x
1D5C
0x
1D60
0x
1D64
0x
1D68
0x
1D6C
0x
1D70
0x
1D74
0x
1DC4
0x
1DC8
0x
1DCC
0x
1DD0
0x
1DD4
0x
1DD8
0x
1DDC
0x
1DE0
0x
1DE4
0x
1DE8
0x
1DEC
0x
1DF0
0x
1DF4
0x
1DF8
0x
1DFC
0x
1E00
0x
1E04
0x
1E08
0x
1E0C
0x
1E44
0x
1E48
0x
1E4C
0x
1E50
0x
1E54
0x
1E58
0x
1E5C
0x
1E60
0x
1E64
0x
1E68
0x
1E6C
0x
1E70
0x
1E74
0x
1E78
0x
1EE0
0x
1EE4
0x
1EE8
0x
1EEC
0x
1EF0
0x
1EF4
0x
1EF8
0x
1EFC
0x
1F00
0x
1F04
0x
1F08
0x
1F44
0x
1F48
0x
1F4C
0x
1F50
0x
1F54
0x
1F58
0x
1F5C
0x
1F60
0x
1F64
0x
1F68
0x
1F6C
0x
1F70
0x
1F94
0x
1F98
0x
1F9C
0x
1FA0
0x
1FA4
0x
1FA8
0x
1FAC
0x
1FB0
0x
1FB4
0x
1FB8
0x
1FBC
0x
1FC0
0x
1FE4
0x
1FE8
0x
1FEC
0x
1FF0
0x
1FF4
0x
1FF8
0x
1FFC
0x
578
0x
16BC
0x
1CE4
0x
1CF0
0x
7DC
0x
1E34
0x
200C
0x
2010
0x
2014
0x
2018
0x
2048
0x
204C
0x
2050
0x
2054
0x
2058
0x
205C
0x
2060
0x
2064
0x
2068
0x
206C
0x
2070
0x
2074
0x
2078
0x
207C
0x
2080
0x
2084
0x
2088
0x
208C
0x
2090
0x
2094
0x
2098
0x
209C
0x
20A0
0x
20A4
0x
20A8
0x
20AC
0x
20B0
0x
20B4
0x
20B8
0x
20BC
0x
20C0
0x
20C4
0x
20C8
0x
20F0
0x
20F4
0x
20F8
0x
20FC
0x
2100
0x
2104
0x
2108
0x
210C
0x
2110
0x
2114
0x
2118
0x
211C
0x
2120
0x
2124
0x
2128
0x
212C
0x
2130
0x
2134
0x
2138
0x
213C
0x
2140
0x
2144
0x
2148
0x
214C
0x
2150
0x
2154
0x
2158
0x
215C
0x
219C
0x
21A0
0x
21A4
0x
21A8
0x
226C
0x
2270
0x
2274
0x
2278
0x
2308
0x
230C
0x
2310
0x
2314
0x
2318
0x
231C
0x
2320
0x
2324
0x
2328
0x
232C
0x
2330
0x
2334
0x
235C
0x
2360
0x
2364
0x
2368
0x
236C
0x
2370
0x
2374
0x
2378
0x
237C
0x
2380
0x
2384
0x
2388
0x
238C
0x
2390
0x
2394
0x
2398
0x
239C
0x
23A0
0x
23A4
0x
23A8
0x
23AC
0x
23B0
0x
23B4
0x
23B8
0x
23BC
0x
23C0
0x
23C4
0x
23C8
0x
23CC
0x
23D0
0x
23D4
0x
23D8
0x
23DC
0x
23E0
0x
23E4
0x
23E8
0x
23EC
0x
23F0
0x
23F4
0x
23F8
0x
1ED8
0x
354
0x
DC0
0x
20C8
0x
20D8
0x
20E8
0x
6C8
0x
20E0
0x
2414
0x
2418
0x
241C
0x
2420
0x
2424
0x
2428
0x
242C
0x
2430
0x
2434
0x
2438
0x
243C
0x
2440
0x
2444
0x
2484
0x
2488
0x
248C
0x
24C0
0x
24C4
0x
24C8
0x
24CC
0x
24D0
0x
24D4
0x
24D8
0x
24DC
0x
2568
0x
256C
0x
2570
0x
2574
0x
2578
0x
257C
0x
2580
0x
2584
0x
25C8
0x
25CC
0x
25D0
0x
25D4
0x
25D8
0x
25DC
0x
25E0
0x
25E4
0x
25E8
0x
25EC
0x
25F0
0x
25F4
0x
25F8
0x
25FC
0x
2638
0x
263C
0x
2640
0x
2648
0x
264C
0x
2650
0x
2654
0x
2658
0x
265C
0x
2660
0x
2664
0x
266C
0x
2670
0x
2674
0x
2678
0x
267C
0x
2680
0x
2684
0x
2688
0x
268C
0x
2690
0x
2694
0x
2698
0x
269C
0x
26A0
0x
26A4
0x
26A8
0x
26AC
0x
26B0
0x
26B4
0x
26B8
0x
26BC
0x
26C0
0x
26C4
0x
26C8
0x
26CC
0x
26D0
0x
26D4
0x
26D8
0x
26DC
0x
26E0
0x
26E4
0x
26E8
0x
26EC
0x
26F0
0x
26F4
0x
26F8
0x
26FC
0x
2700
0x
2704
0x
2708
0x
270C
0x
2710
0x
2714
0x
2718
0x
271C
0x
2720
0x
2724
0x
2728
0x
272C
0x
2730
0x
2734
0x
2738
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| violations_accompanying_show.exe | 0x00BD0000 | 0x00BE5FFF | Relevant Image | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (1779)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
3 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
25 | |
| Create | C:\Boot\cs-CZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\da-DK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\de-DE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\el-GR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-ES\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fi-FI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-FR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hu-HU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\it-IT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ja-JP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ko-KR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nb-NO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nl-NL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pl-PL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-BR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-PT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ru-RU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sv-SE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\tr-TR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-CN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-HK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-TW\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Config.Msi\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\MSOCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\PerfLogs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Program Files\Common Files\DESIGNER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
27 | |
| Create | C:\Boot\BCD.LOG1.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG2.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTSECT.BAK.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\hiberfil.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\pagefile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EURO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
38 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
10 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\MSInfo\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
22 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MUAUTH.CAB | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\PROOF\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Source Engine\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_ES.LEX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_FR.LEX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TextConv\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
46 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.INF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
7 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.ELM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Triedit\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\WT61ES.LEX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.ITS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1CACH.LEX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\WT61FR.LEX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VGX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\BIGFONT.SHX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\CHINESET.SHX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\EXTFONT.SHX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\GBCBIG.SHX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\IC-TXT.SHX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\ICAD.FMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHGDTXT.SHX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHGTXT.SHX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHTGTXT.SHX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Visio Shared\Fonts\WHTMTXT.SHX | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Folders\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Services\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\SpeechEngines\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\SpeechEngines\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\System\ado\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\Services\verisign.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\adojavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\adovbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado20.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado21.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado25.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado26.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado27.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msadomd28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msadox28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcjavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcvbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\handler.reg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\handsafe.reg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\MSMAPI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\System\MSMAPI\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\System\Ole DB\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\DVD Maker\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\sqloledb.rll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\DVD Maker\audiodepthconverter.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\DVD Maker\bod_r.TTF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\DVD Maker\directshowtap.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\DVD Maker\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Move | C:\Boot\BCD.RYK | source_filename = C:\Boot\BCD, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Boot\BCD.LOG.RYK | source_filename = C:\Boot\BCD.LOG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Boot\Fonts\chs_boot.ttf.RYK | source_filename = C:\Boot\Fonts\chs_boot.ttf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Boot\Fonts\cht_boot.ttf.RYK | source_filename = C:\Boot\Fonts\cht_boot.ttf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Boot\Fonts\jpn_boot.ttf.RYK | source_filename = C:\Boot\Fonts\jpn_boot.ttf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Boot\Fonts\kor_boot.ttf.RYK | source_filename = C:\Boot\Fonts\kor_boot.ttf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Boot\Fonts\wgl4_boot.ttf.RYK | source_filename = C:\Boot\Fonts\wgl4_boot.ttf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\hiberfil.sys.RYK | source_filename = C:\hiberfil.sys, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\pagefile.sys.RYK | source_filename = C:\pagefile.sys, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MUAUTH.CAB.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MUAUTH.CAB, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_ES.LEX.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_ES.LEX, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_FR.LEX.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_FR.LEX, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.INF.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.INF, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM.RYK | source_filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
|
For performance reasons, the remaining 139 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (90)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | net | show_window = SW_HIDE |
|
2 | |
| Enumerate Processes | - | - |
|
86 | |
| Enumerate Processes | - | - |
|
2 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
Service (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (17)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
3 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Sleep | duration = 150 milliseconds (0.150 seconds) |
|
2 | |
| Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
2 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
6 |
Process #18: immigration.exe
98
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\program files\common files\immigration.exe |
| Command Line | "C:\Program Files\Common Files\immigration.exe" |
| Initial Working Directory | C:\Program Files\Common Files\ |
| Monitor | Start Time: 00:01:05, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:00 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x724 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
938
0x
714
0x
B50
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| immigration.exe | 0x01100000 | 0x01115FFF | Relevant Image | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
6 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
6 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
6 |
Process #19: dumb_si.exe
91
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\program files\windows portable devices\dumb_si.exe |
| Command Line | "C:\Program Files\Windows Portable Devices\dumb_si.exe" |
| Initial Working Directory | C:\Program Files\Windows Portable Devices\ |
| Monitor | Start Time: 00:01:05, Reason: Injection |
| Unmonitor | End Time: 00:01:36, Reason: Crashed |
| Monitor Duration | 00:00:30 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x688 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
934
0x
518
0x
B5C
0x
CC8
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
2 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
2 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 |
Process #20: mentioned-de-fc.exe
98
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\program files\windows media player\mentioned-de-fc.exe |
| Command Line | "C:\Program Files\Windows Media Player\mentioned-de-fc.exe" |
| Initial Working Directory | C:\Program Files\Windows Media Player\ |
| Monitor | Start Time: 00:01:06, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:59 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7fc |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
930
0x
7F0
0x
B60
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
6 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (14)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
6 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
6 |
Process #21: portsmouth.exe
95
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\program files (x86)\windows portable devices\portsmouth.exe |
| Command Line | "C:\Program Files (x86)\Windows Portable Devices\portsmouth.exe" |
| Initial Working Directory | C:\Program Files (x86)\Windows Portable Devices\ |
| Monitor | Start Time: 00:01:06, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:58 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x11c |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
92C
0x
7C8
0x
B70
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| portsmouth.exe | 0x00270000 | 0x00285FFF | Relevant Image | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
5 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
5 |
Process #22: guy coffee glenn.exe
91
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\program files (x86)\windows media player\guy coffee glenn.exe |
| Command Line | "C:\Program Files (x86)\Windows Media Player\guy coffee glenn.exe" |
| Initial Working Directory | C:\Program Files (x86)\Windows Media Player\ |
| Monitor | Start Time: 00:01:07, Reason: Injection |
| Unmonitor | End Time: 00:01:39, Reason: Crashed |
| Monitor Duration | 00:00:31 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x798 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
928
0x
7B4
0x
B74
0x
E14
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
2 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
2 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 |
Process #23: argued.exe
95
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\program files (x86)\windows photo viewer\argued.exe |
| Command Line | "C:\Program Files (x86)\Windows Photo Viewer\argued.exe" |
| Initial Working Directory | C:\Program Files (x86)\Windows Photo Viewer\ |
| Monitor | Start Time: 00:01:08, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:57 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6ac |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
924
0x
324
0x
B80
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
5 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
5 |
Process #24: neil_cheese_modern.exe
95
0
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\program files (x86)\common files\neil_cheese_modern.exe |
| Command Line | "C:\Program Files (x86)\Common Files\neil_cheese_modern.exe" |
| Initial Working Directory | C:\Program Files (x86)\Common Files\ |
| Monitor | Start Time: 00:01:09, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:55 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2b4 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
920
0x
7C0
0x
BA0
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
5 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
5 |
Process #25: tribal_dutch.exe
95
0
| Information | Value |
|---|---|
| ID | #25 |
| File Name | c:\program files\internet explorer\tribal_dutch.exe |
| Command Line | "C:\Program Files\Internet Explorer\tribal_dutch.exe" |
| Initial Working Directory | C:\Program Files\Internet Explorer\ |
| Monitor | Start Time: 00:01:10, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:55 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3c0 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
91C
0x
3B0
0x
BB8
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
5 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
5 |
Process #26: centres_guys_ja.exe
95
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\program files\windows journal\centres_guys_ja.exe |
| Command Line | "C:\Program Files\Windows Journal\centres_guys_ja.exe" |
| Initial Working Directory | C:\Program Files\Windows Journal\ |
| Monitor | Start Time: 00:01:11, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:54 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2b0 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
918
0x
73C
0x
BBC
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
5 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
5 |
Process #27: mayor.exe
85
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\program files (x86)\reference assemblies\mayor.exe |
| Command Line | "C:\Program Files (x86)\Reference Assemblies\mayor.exe" |
| Initial Working Directory | C:\Program Files (x86)\Reference Assemblies\ |
| Monitor | Start Time: 00:01:12, Reason: Injection |
| Unmonitor | End Time: 00:01:34, Reason: Crashed |
| Monitor Duration | 00:00:22 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x694 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
914
0x
6B4
0x
BC8
0x
35C
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (1)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 |
Process #28: budget nelson pantyhose.exe
91
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\program files (x86)\java\budget nelson pantyhose.exe |
| Command Line | "C:\Program Files (x86)\Java\budget nelson pantyhose.exe" |
| Initial Working Directory | C:\Program Files (x86)\Java\ |
| Monitor | Start Time: 00:01:12, Reason: Injection |
| Unmonitor | End Time: 00:01:41, Reason: Crashed |
| Monitor Duration | 00:00:28 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x110 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
910
0x
444
0x
BCC
0x
1024
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
2 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
2 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 |
Process #29: net.exe
0
0
| Information | Value |
|---|---|
| ID | #29 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:13, Reason: Child Process |
| Unmonitor | End Time: 00:01:14, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbd4 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BD8
|
Process #30: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #30 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:13, Reason: Child Process |
| Unmonitor | End Time: 00:01:14, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbec |
| Parent PID | 0xbd4 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BF0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74580000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0xdc0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:46:19 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 128778 |
|
1 | |
| Get Time | type = Performance Ctr, time = 19329297128 |
|
1 |
Process #31: fence.exe
95
0
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\program files\reference assemblies\fence.exe |
| Command Line | "C:\Program Files\Reference Assemblies\fence.exe" |
| Initial Working Directory | C:\Program Files\Reference Assemblies\ |
| Monitor | Start Time: 00:01:13, Reason: Injection |
| Unmonitor | End Time: 00:02:05, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:52 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x128 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
90C
0x
738
0x
BF4
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
5 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
System (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
5 |
Process #32: forest.exe
91
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\program files (x86)\mozilla firefox\forest.exe |
| Command Line | "C:\Program Files (x86)\Mozilla Firefox\forest.exe" |
| Initial Working Directory | C:\Program Files (x86)\Mozilla Firefox\ |
| Monitor | Start Time: 00:01:14, Reason: Injection |
| Unmonitor | End Time: 00:01:43, Reason: Crashed |
| Monitor Duration | 00:00:29 |
| Remark | This is a randomly generated process started by the VMRay Analyzer prior to the sample analysis. |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x244 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
908
0x
2AC
0x
BFC
0x
1120
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| forest.exe | 0x00FF0000 | 0x01005FFF | Relevant Image | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30000000, size = 2936832 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe | 0xa40 | address = 0x30001982 |
|
1 |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
2 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74820000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | ole32.dll | base_address = 0x755e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x74b50000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x76c3186e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptExportKey, address_out = 0x74d491ea |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x76c3418b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x76c31856 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x74d6a4b4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x76c31072 |
|
1 | |
| Get Address | c:\windows\syswow64\iphlpapi.dll | function = GetIpNetTable, address_out = 0x74b5e52a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x76c31ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76c5d346 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x74d5157a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x74d548ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileA, address_out = 0x76c558e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WinExec, address_out = 0x76cb2c21 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDeriveKey, address_out = 0x74d83188 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenKey, address_out = 0x74d48ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x75fe3c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x76c3196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteA, address_out = 0x76217078 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x76c353c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74823058 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74822dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76c343e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesA, address_out = 0x76c4ecd3 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x74d54907 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x76c317d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x76c49b2d |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74822f06 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoInitialize, address_out = 0x755fb636 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDecrypt, address_out = 0x74d83178 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x76c5830d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x76c34259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x75629d0b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesA, address_out = 0x76c35414 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegDeleteValueW, address_out = 0x74d4cf31 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
2 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
3 |
Process #33: net.exe
0
0
| Information | Value |
|---|---|
| ID | #33 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa70 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A8C
|
Process #34: net.exe
0
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:26, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa98 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AA8
|
Process #35: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:28, Reason: Child Process |
| Unmonitor | End Time: 00:01:28, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x380 |
| Parent PID | 0xa98 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B64
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74110000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0x450000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:46:33 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 143318 |
|
1 | |
| Get Time | type = Performance Ctr, time = 20852225871 |
|
1 |
Process #36: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:28, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb8c |
| Parent PID | 0xa70 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AF0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74540000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0x450000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:46:33 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 143474 |
|
1 | |
| Get Time | type = Performance Ctr, time = 20866332553 |
|
1 |
Process #37: net.exe
0
0
| Information | Value |
|---|---|
| ID | #37 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:37, Reason: Child Process |
| Unmonitor | End Time: 00:01:39, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf94 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F98
|
Process #38: net.exe
0
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:38, Reason: Child Process |
| Unmonitor | End Time: 00:01:39, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfc0 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FC4
|
Process #39: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:38, Reason: Child Process |
| Unmonitor | End Time: 00:01:39, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6e8 |
| Parent PID | 0xf94 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F80
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74580000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0xa60000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:46:43 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 153270 |
|
1 | |
| Get Time | type = Performance Ctr, time = 21881318962 |
|
1 |
Process #40: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:38, Reason: Child Process |
| Unmonitor | End Time: 00:01:39, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf9c |
| Parent PID | 0xfc0 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7B4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74780000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0xa60000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:46:43 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 153504 |
|
1 | |
| Get Time | type = Performance Ctr, time = 21904300841 |
|
1 |
Process #41: net.exe
0
0
| Information | Value |
|---|---|
| ID | #41 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Program Files (x86)\Mozilla Maintenance Service\ |
| Monitor | Start Time: 00:01:47, Reason: Child Process |
| Unmonitor | End Time: 00:01:50, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1ce0 |
| Parent PID | 0x15c (c:\program files (x86)\mozilla maintenance service\violations_accompanying_show.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
1CE4
|
Process #42: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #42 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Program Files (x86)\Mozilla Maintenance Service\ |
| Monitor | Start Time: 00:01:47, Reason: Child Process |
| Unmonitor | End Time: 00:01:50, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1cf8 |
| Parent PID | 0x1ce0 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
1CFC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74780000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0x990000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:46:53 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 162958 |
|
1 | |
| Get Time | type = Performance Ctr, time = 22852572354 |
|
1 |
Process #43: net.exe
0
0
| Information | Value |
|---|---|
| ID | #43 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:51, Reason: Child Process |
| Unmonitor | End Time: 00:01:53, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1ea8 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1EAC
|
Process #44: net.exe
0
0
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:51, Reason: Child Process |
| Unmonitor | End Time: 00:01:53, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1eb0 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1EB4
|
Process #45: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #45 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:53, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1f40 |
| Parent PID | 0x1eb0 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1EDC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74770000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0xfd0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:46:57 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 167482 |
|
1 | |
| Get Time | type = Performance Ctr, time = 23305878674 |
|
1 |
Process #46: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #46 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:53, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2004 |
| Parent PID | 0x1ea8 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2008
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74770000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0xfd0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:46:57 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 167498 |
|
1 | |
| Get Time | type = Performance Ctr, time = 23307579720 |
|
1 |
Process #47: net.exe
0
0
| Information | Value |
|---|---|
| ID | #47 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Program Files (x86)\Mozilla Maintenance Service\ |
| Monitor | Start Time: 00:01:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x20cc |
| Parent PID | 0x15c (c:\program files (x86)\mozilla maintenance service\violations_accompanying_show.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
20D0
|
Process #48: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #48 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Program Files (x86)\Mozilla Maintenance Service\ |
| Monitor | Start Time: 00:01:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x20e4 |
| Parent PID | 0x20cc (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
20E8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74780000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0xb10000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:47:03 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 172880 |
|
1 | |
| Get Time | type = Performance Ctr, time = 23845538643 |
|
1 |
Process #49: net.exe
0
0
| Information | Value |
|---|---|
| ID | #49 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:02, Reason: Child Process |
| Unmonitor | End Time: 00:02:05, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2008 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1F40
|
Process #50: net.exe
0
0
| Information | Value |
|---|---|
| ID | #50 |
| File Name | c:\windows\syswow64\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:02, Reason: Child Process |
| Unmonitor | End Time: 00:02:05, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1ce0 |
| Parent PID | 0xa3c (c:\users\5p5nrgjn0js halpmcxz\desktop\_00270000.mem.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1EB4
|
Process #51: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #51 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:02, Reason: Child Process |
| Unmonitor | End Time: 00:02:04, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x20e4 |
| Parent PID | 0x1ce0 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
20D0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74510000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0xe60000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:47:07 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 177513 |
|
1 | |
| Get Time | type = Performance Ctr, time = 24308762207 |
|
1 |
Process #52: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #52 |
| File Name | c:\windows\syswow64\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:02, Reason: Child Process |
| Unmonitor | End Time: 00:02:04, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x20cc |
| Parent PID | 0x2008 (c:\windows\syswow64\net.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
20DC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74770000 |
|
1 | |
| Get Handle | c:\windows\syswow64\net1.exe | base_address = 0xe60000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\net1.exe, file_name_orig = C:\Windows\SysWOW64\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-13 19:47:07 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 177482 |
|
1 | |
| Get Time | type = Performance Ctr, time = 24305363515 |
|
1 |
