bs03u4lh.exe
Windows Exe (x86-32)
Created at 2019-05-21T16:12:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: bs03u4lh.exe
38625
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\bs03u4lh.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bs03u4lh.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:50, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:22, Reason: Self Terminated |
| Monitor Duration | 00:01:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb8c |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B90
0x
BA8
0x
BAC
0x
BB0
0x
808
0x
818
0x
82C
0x
83C
0x
99C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| bs03u4lh.exe | 0x00400000 | 0x004CCFFF | Relevant Image | - | 32-bit | - |
|
|
|
| buffer | 0x002E0000 | 0x002ECFFF | First Execution | - | 32-bit | 0x002E17AE, 0x002E29BE, ... |
|
|
|
| bs03u4lh.exe | 0x00400000 | 0x004CCFFF | Process Termination | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| \\?\C:\bootmgr.NHCR | 374.79 KB |
MD5:
259525cfb422e6ac8e87bc9777b1df73
SHA1: 7a2ac87b31aa40a1ea92eb34410305fac9f8bc6a SHA256: 0769a292114dfe181dc4931159c24cd7adb6a3f3823177e40eb45ee59688ea4a SSDeep: 6144:lSjzP3sVgTkndKzy1mVsEdUISLEoad8k33TW45/vPB1dTM3BMnOb:4vPnTk89VfdUPEJBTW45X/dTM3m4 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | 1.53 KB |
MD5:
32b5b219d97523c6f44dbd437adf2e3b
SHA1: e2b42c4321262d75605f5c1c911370c32e6b2743 SHA256: 5e9f9ba095a94e671bc42017787564f82e8e6b2295ee579d8573147a4da803c7 SSDeep: 24:4LWBLy+hhtK27g6YMfNMCBifLfmbTiXTw6DNNww6D2rJRkMkRq1UgJiXBrQL31VL:46++ftd7g61oITiXxrTFXSBkyUfUgZ |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.NHCR | 14.13 MB |
MD5:
3f36140c27a86a66f2ec3ca390068a8c
SHA1: 1aea3e750dd063c66c8fed32f5a3638d53c5e0dc SHA256: ca9324388b5c03b095f605eed1ef73e61b3b4ce8900bdf9b51d1f19961b7a547 SSDeep: 196608:TIwm3nNVAl+ig71eZ8FclBElWHp8byLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFgepGHyo2rpLkcoCrpbQ |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | 1.76 KB |
MD5:
5fa08c2cc2f765c416bf0c431d4f3b47
SHA1: f67ce3121940b45756457d270e7f734230565823 SHA256: 9d18b9fd183263e9b93cee917c8c39dd958c87182a9e583ebbf8a48e745570b9 SSDeep: 24:4LWBDj6ErLar3tBE9RsHmJjBfSRZI10vx54BsZH5mXymhzBd7ryDx8RzJvLPv3wu:46DprLW8UwfSR55qBEH5G1BtQ+vjv4c3 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.NHCR | 13.01 MB |
MD5:
0ed5eefb6eb88cb58c53870be732aee6
SHA1: 1f1f723c3b3857e8c36589ccd8fc951733fbac0f SHA256: a9333230c90675b293f4cba23e6eea40f8ed05c6b32c9e46bedf8a935d6cd633 SSDeep: 196608:KQu6eDsIwHBL4B9lCzT2bOgBoDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:K+qsIwHNB26gfE7e/7JNMM5RTU+ |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | 1.42 KB |
MD5:
0a3ac3a874592904a6a3ddf77ea13256
SHA1: 483d75f08a1ca4b8b74c907f0734bb37fdd8b10f SHA256: 436686dc03ac8d875b59741f19d0a0a84e935a46bcd5bf8e045b7ab8425aa37a SSDeep: 24:4LWB8OVjVBZXf9OF+JoRW+J2V2P4b4YLp4YJ8w6DNDc6we6mVGDJhtfUCfBRcR5c:46hlZXfqKsixWA6Dc6z6mepUIcYTz |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | 1.42 KB |
MD5:
622ed42424ecbb3d991d57fc22285739
SHA1: fa87d7a97dd8a476db056f5029763e605fb1531a SHA256: 40a46e0f836b0313ace1d92f977d8d842bb662efc85ad343aa2a7cb55a564195 SSDeep: 24:4LWB94RMNqtZX+9OthF+JoRW+J2V7q+0tpv9hw6D82L6CMclZneLPA+pUMR33:4694RMNqtZX+eKs+ApQ2uCfZnejA+pUa |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | 811 bytes |
MD5:
509d7c9aa92ce027aa3317bb03ff180c
SHA1: 1e9c841f0c8175eab292c06c8f64379dd15ee183 SHA256: 75bb089ea8bf2c15756771f41421d82c50ace0ce02e3c210c40d2a811b3482e2 SSDeep: 24:4LWBsOWN8U6aoGbC5oR5tri5N8mR5+OfcR5+K+Wm:46HgoY/MKWYOfcYK+Wm |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | 1.20 KB |
MD5:
e0b53850b9568d6582c92b79d89037cf
SHA1: e89953178f2d61877b9c983c05e5c66b303caf55 SHA256: f64cf6d3b59c7d21463c179cefe4e3bfa3eef8b9307e07d7453e1c0579c2f26d SSDeep: 24:4LWB24qCi9RcxaqphtBfSR6TBRsdHL8tJzsEm/zvV5N8mR5++J8UNo:4624Rikxa6dfSR6OuAbnKWY+OUK |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | 1.81 KB |
MD5:
8aa44fd454012e1b6bd631b27c927e42
SHA1: afcc8bfb89b61cda8076093769c021a37ef96d5c SHA256: ee8c13db5055ef0c03ebc7a4385b03e62838e433260eaf334efce9be8fcfa8a3 SSDeep: 48:46FFBv8bNao56dq+/+YB5nl2GvFEFB5RwMcjp:4/4Fdn9lFvEB1cjp |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.NHCR | 105.38 KB |
MD5:
0d9226ff65d020e2dc28f3b0a45a97df
SHA1: 0c88d75e00b551f1c639f25f784d650d04afa898 SHA256: fe5d401b4310e6e7183125b6e11caff4755ac442f7014f5c8bb8d1856fd92cd8 SSDeep: 768:m0ObcR1RkEUaXYzcQ0LQrw3/VfMNRk5H7gkmSJNlXuN0Ajdvr6FnxXKFXEX:/rR1yEU10LQA/qmWY20AjdTwlKFXe |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.NHCR | 2.40 MB |
MD5:
30a9a34c330274793aa8d941b5d207e8
SHA1: 0af356cf8db7b2d2e428d1013839002d26fb0b6e SHA256: d764f715854de9e3d272c2d4c0a34bd2a73a4fb48860807cf0d005a8e8283c65 SSDeep: 49152:b0KDxL8QBoI9eljidTex4S120ytJyhamLCj7:b0KR89EQ1o |
|
|
| \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.NHCR | 1.90 MB |
MD5:
6c40f3d9705e1a6af978093bcf29d317
SHA1: 86bca9cad3c1091d886089d7f213d5afa4f28041 SHA256: e57562949b149e6d366f56b27ba9dcdaf050d8f5f1e4e11a16bcafd06019012d SSDeep: 24576:evsS646cg4svTxhF6WBckmh7EgVEG8o93s0ZWdrU+MAR+acIty0BqEI2S+o0k4Xc:eh6bHWLhHEGr0BqEI2S |
|
|
| \\?\C:\# DECRYPT MY FILES #.txt | 1.22 KB |
MD5:
ede13b21233ca85f199e27d62e3481dc
SHA1: f7c3631fbff9a1b521c91e52336c1c74732e492a SHA256: 371f5d64768e311faf4bb7f0e4c6f723bff741103bf04ab60d4d2b10d1341e2f SSDeep: 24:scyXQmGr9yd9VfJwu9r73tLLrUtU3h8Y4iy9c7sHmq:wQmW9eZd97dLLgG3h8rijO1 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | 2.24 KB |
MD5:
f8a19ac5118217f228f4b3d15468f52c
SHA1: 01d919e6499274af9de3dfdc6c8b202e02ef664d SHA256: b0303b69a56a1176419b8ce6ef4ecfa8ae84c4df0ce9241d39fdb1b5ec5d61a6 SSDeep: 48:46blJTfn57yG2kbHhksKXGjzt5mUT1Qg/OoEdvPq4iwg/WSlsmlT:443fn52Q+cTL2oEdv0wg/XCm5 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.NHCR | 2.39 MB |
MD5:
3003e10327d414ef1e46068e9d091a59
SHA1: 95c35f978c2e1f457442cdc1839f57b3e12b5e5b SHA256: 9cde240207b7e950df2a6b8c1c20bedbaa76dd73ee90f523480fa13307e3271c SSDeep: 49152:q0KDxL8QBoI9eljidTex4S120ytJyha16CZt:q0KR89EQ1o |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.NHCR | 10.00 MB |
MD5:
adbc1eccd44dc4f22b12bd479f5b1a59
SHA1: ada4f4a6b26fd56fa47fe70e257cf68fea08fad9 SHA256: d1561f6533472be68eba8606b7615deaaddfe684367993f552e0a13a48a22857 SSDeep: 196608:54KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:54KKCX5FvaVczxmUJnYSE7dzAT |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.NHCR | 2.73 MB |
MD5:
f9a9f478a70c981089ffc72a7456adff
SHA1: 0456a3af325516042ad3129eec531b2f85d2444d SHA256: b601ed52f8423b31664a62c27b10bfff6daa0c356520a4330bc5683b72f671e6 SSDeep: 49152:14QHYLL/Wo9kLljb1R6rOSN20yRJ63PooFMP+:14QqLVe6vj |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\encrypted_key.bin | 684 bytes |
MD5:
a87d256f5f4e289cc5aa2932c771cdfa
SHA1: 66d29d9131e88dbc839420430ec835f5013b6ff2 SHA256: ce466b9810249764ff06edebd9cc81378f834ca501f111f0c8af56a84a5d20b0 SSDeep: 12:9VYISEji4CGrIqW2riSwdVI3hTw2VLb7EKpy9cezvPyh7sKuadq:VLLrUtU3h8Y4iy9c7sHmq |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | 1.42 KB |
MD5:
0635cdf96bbacd3d4a8671b1804c4e67
SHA1: d37242bbbf7970fa1334e10a162dd34a6b61193d SHA256: fedaf0ba550d1500eb031054a04abf5d779c27124a756d8f1c2fdcd8e5822fe1 SSDeep: 24:4LWBENtZjb1RZi/nhP+ZXa9OF+JoRW+J2UzseB6RMzR7HidY3FRqn1j/8UjYNdjZ:46ENtZjbLZifhGZXaqKUTBaMlbFun1jW |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | 1.84 KB |
MD5:
751e7b0d879201c21eb164ffdfff9cce
SHA1: a6804d5e917a454ceb5002e9527af0e5cc2cf195 SHA256: a9bcf07785771fe64ac8a5b5510d4103f5ccba26b2e577e872f1bbcfaa6daf1a SSDeep: 48:46iKB7qxjkeMqNFSXh/AkrQ2v98S4vEu5H9/8+ldie:4OYjT/WCkr5uRcu5Ha+h |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | 1.42 KB |
MD5:
f75f4b5dfd7aa5c07c8a57ec2576014f
SHA1: cf5b1566fe6fac670f3980f6b39dfb6647fb8c14 SHA256: c3b221278ff667a0eaad11e99531630e5e80327f924de624be017d069a8056fa SSDeep: 24:4LWBbedqrik2SNxC5oR54Jw6D1cYEL9aD0Rd7itJzsftRrB6A+0Uyibjlzs7:46b8qb6cYErgi4A+btflo |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | 1.57 KB |
MD5:
e9acb2e60d1b75eab153c46bc84096c9
SHA1: 9afcb0fcfe7b86f391a00fc2bc3201edfbf0cfb5 SHA256: 28d42d40c71ec2e2a08a77504ff9da83949cbc7eb98f8b66a428d380d404c412 SSDeep: 24:4LWBKaNmJNl8pp/8QRRkbb8g9WlMcV/I9B5MOI5fg2EC0oa+NAaVCyp7FhTfIW4Y:46KaYJNlc1kbHhj9vMgoacIWCBmlT |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | 4.11 KB |
MD5:
1097f77415e54d63c575d166b488f19f
SHA1: 8b963a197bfc3cf250bc24cb133c3b1b370365bf SHA256: 0d2f841435f89863f1b29b2adcca3cfd702e806f1edd372b66d5c61cfb70f88e SSDeep: 96:4jB/2amlrO1FYHXTH0bhuwZynZMvgkS7jP6fX:4t//oq163j0bhuL7kS7js |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.NHCR | 2.41 MB |
MD5:
a5c0697ec176096554fe7e74d0d63eee
SHA1: 571402e1f0a2be0804f63ce0d0fc7b9d7043f1f3 SHA256: c2256c8b5d223b119ade770d27921c62cf9d7770afb43c7b0c01fb3731992da3 SSDeep: 49152:s0KDxL8QBoI9eljidTex4S120ytJyhaM6CLC:s0KR89EQ1o |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.NHCR | 855.00 KB |
MD5:
37800fb8973738356f47e35562526df9
SHA1: 0ef7b3087f3dc52d75c86cc01eb82b066a6b5616 SHA256: 9a78766a4a19f08bc52b0e339f4ea728e776934688b40737c690fa42b3696e75 SSDeep: 24576:FS64Zcg4sRj2npo0g4zBVi1zKYvO8QPi4x3P6WBWkmf3egDqo8o9370Pv6Yw:M6JzgLf7qo6Pv6Y |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | 1.32 KB |
MD5:
1550289f98c2dea2643740f2d9484e46
SHA1: 31b5a518229813d21f8fbfbd4c9bd3e67c8d07bb SHA256: a59e44d4b991517c12b06038413c6e2658c95e74a0b0efa5016f24127b1f4774 SSDeep: 24:4LWBjIRjHFb4JZXw9OJDTiXTw6DhZgbLNjVKhmhQxORxxElzR5htfUCfBRcR5+KO:46Ehl8ZXwwDTiXavUkxsBUIcYK+Wm |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.NHCR | 865.00 KB |
MD5:
ac8d95045485417a7507bf6af8100cd6
SHA1: 1270495ceadabf588614f5ce663349c70213c7f2 SHA256: 90fac19ded061877035fae627b91321eba4944955106dc90db650f1c57880981 SSDeep: 24576:pS64Tcg4sRj2npo0g4zBVi1zKYvOwQPmzxnP6WBzkm83xgDBo8o93m9XLH5X:w6sDxL8QBo6XLH5 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | 1.35 KB |
MD5:
3076b6c75b20e938b74fa29a4e74f128
SHA1: 14cb072ff96a6bb16827295ff18cb67fdf516914 SHA256: 180ca3f6fe46a03914f5c90c298fbdb39dfdc988e93126e392062b2db61c3623 SSDeep: 24:4LWBgR6HUZzgZNw9RiRe6F+JoRW+J2QdC1ND16eFWzspi8R181UgJi5N8mR5++Jc:46/sWwaeIKQd66eFDAMKWY+OUK |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.NHCR | 18.00 MB |
MD5:
38c3eb3a0cd9f6b1828495c53bdca609
SHA1: 58256f3020a6950068fdb5feed310f38b896c23a SHA256: cf69b21ab817c3ac8fc50ddb33565da230789e42409fcee031dc124679131645 SSDeep: 196608:H0aDH9F7/iHXDI2CPKBUq6qMuGm9vqrRxoi93nnedBwzSlmKwDhANZbPhn:HNDdFDX2J5uuGyCEi9uIQmlANRh |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Tempdesk.bmp | 3.71 MB |
MD5:
20662257296aceaf751a836a99ab063a
SHA1: fd76aa0ef24b2ff72f522e3d519fe63a59624e6b SHA256: 6d75a63449a162452d417da432a658e9dc4b1bcf2c78990f6174c9cb9a6757c3 SSDeep: 98304:rV/4epdRpgrVspkkE6E7lWSPGYz3VYosjE7ma8AK1WqGyt7:R/Hn/grnk5E5W+GYbsjElQ6yt7 |
|
|
| \\?\C:\BOOTSECT.BAK.NHCR | 8.00 KB |
MD5:
773df45195d897d9c43cc0bb5edd65d7
SHA1: 7ecefaef312238ad95e093e51ba19da303a32364 SHA256: 90bf6497eb2a62400d9489a893e3d321c617eb9c4892c72ffd112a713a7b6252 SSDeep: 96:Fih3A0tObUFtMHhHSxBIuxbLjnYEk05x+X7bdbgjs2Z1owIzxbr:Ue0td+HhImulLjnwq4dKsXwIFbr |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.NHCR | 10.00 MB |
MD5:
b9bafc135b920f093145b5da53c61640
SHA1: ff1efbfbc2e85b081b9974a987502df57972e30f SHA256: f247ec296b2f5dd6676487c0925ef85493d616439eb24a18d0b60e04c7a791d1 SSDeep: 196608:Gba8A7fKP0ReD0wXKLUEfRrDXP2ifogB+jHcSBLWiyvyWJRMLhdPWfi:0aRDKP0q0wM9JrL2ifJEjhW/6vL3Ai |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.NHCR | 2.39 MB |
MD5:
ddbd5252ea0802a45e65970a61eaa877
SHA1: 82d2dd47680a9a1bd61f7a5a7121cf767d395cc3 SHA256: 54fd59f8736f0a0966861c6663d8f2e93c0bbfac6cdb4f2955b0a7a815d14857 SSDeep: 49152:q0KDxL8QBoI9eljidTex4S120ytJyham6Co6:q0KR89EQ1o |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.NHCR | 3.11 KB |
MD5:
813e9742d8ccdb8d8b2b003d6fe88ce7
SHA1: bbcce9a8e423940c481cd98144ba62e7f22032e5 SHA256: 6e0e92ee3589594100fa36dc23a32c1eac3e6cab521004bf9da6fa647af888ec SSDeep: 48:46Goc9u9mQvjvkiaa5hw6fJ2jWoMgQO6eSy6wh0GiDNuBE6/cpx:4J9uoQ7cba5h9xIgfaSy6whckE6/Y |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.NHCR | 2.70 MB |
MD5:
f34d6aea97a3eff7b9655d11d370bf25
SHA1: df4c0d9323ae81ed2c34e9a8f4be087d783fe5c9 SHA256: 4d66561ca62cffda1a030a3922aea55bd2187eb0d26f0482fb1f93457ad19d12 SSDeep: 49152:/lwmxJIKCfK/j+YLHOjuR9O1bNjRwjnT7fWc/U4CS84WfOawmjVPBXuqjEmxAcFz:/qmxJvCfKb+YLH0uRcbj2jR84gO7mjui |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | 1.53 KB |
MD5:
32b5b219d97523c6f44dbd437adf2e3b
SHA1: e2b42c4321262d75605f5c1c911370c32e6b2743 SHA256: 5e9f9ba095a94e671bc42017787564f82e8e6b2295ee579d8573147a4da803c7 SSDeep: 24:4LWBLy+hhtK27g6YMfNMCBifLfmbTiXTw6DNNww6D2rJRkMkRq1UgJiXBrQL31VL:46++ftd7g61oITiXxrTFXSBkyUfUgZ |
|
|
| \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | 1.76 KB |
MD5:
5fa08c2cc2f765c416bf0c431d4f3b47
SHA1: f67ce3121940b45756457d270e7f734230565823 SHA256: 9d18b9fd183263e9b93cee917c8c39dd958c87182a9e583ebbf8a48e745570b9 SSDeep: 24:4LWBDj6ErLar3tBE9RsHmJjBfSRZI10vx54BsZH5mXymhzBd7ryDx8RzJvLPv3wu:46DprLW8UwfSR55qBEH5G1BtQ+vjv4c3 |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | 1.42 KB |
MD5:
0a3ac3a874592904a6a3ddf77ea13256
SHA1: 483d75f08a1ca4b8b74c907f0734bb37fdd8b10f SHA256: 436686dc03ac8d875b59741f19d0a0a84e935a46bcd5bf8e045b7ab8425aa37a SSDeep: 24:4LWB8OVjVBZXf9OF+JoRW+J2V2P4b4YLp4YJ8w6DNDc6we6mVGDJhtfUCfBRcR5c:46hlZXfqKsixWA6Dc6z6mepUIcYTz |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | 1.42 KB |
MD5:
622ed42424ecbb3d991d57fc22285739
SHA1: fa87d7a97dd8a476db056f5029763e605fb1531a SHA256: 40a46e0f836b0313ace1d92f977d8d842bb662efc85ad343aa2a7cb55a564195 SSDeep: 24:4LWB94RMNqtZX+9OthF+JoRW+J2V7q+0tpv9hw6D82L6CMclZneLPA+pUMR33:4694RMNqtZX+eKs+ApQ2uCfZnejA+pUa |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | 811 bytes |
MD5:
509d7c9aa92ce027aa3317bb03ff180c
SHA1: 1e9c841f0c8175eab292c06c8f64379dd15ee183 SHA256: 75bb089ea8bf2c15756771f41421d82c50ace0ce02e3c210c40d2a811b3482e2 SSDeep: 24:4LWBsOWN8U6aoGbC5oR5tri5N8mR5+OfcR5+K+Wm:46HgoY/MKWYOfcYK+Wm |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | 1.20 KB |
MD5:
e0b53850b9568d6582c92b79d89037cf
SHA1: e89953178f2d61877b9c983c05e5c66b303caf55 SHA256: f64cf6d3b59c7d21463c179cefe4e3bfa3eef8b9307e07d7453e1c0579c2f26d SSDeep: 24:4LWB24qCi9RcxaqphtBfSR6TBRsdHL8tJzsEm/zvV5N8mR5++J8UNo:4624Rikxa6dfSR6OuAbnKWY+OUK |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | 1.81 KB |
MD5:
8aa44fd454012e1b6bd631b27c927e42
SHA1: afcc8bfb89b61cda8076093769c021a37ef96d5c SHA256: ee8c13db5055ef0c03ebc7a4385b03e62838e433260eaf334efce9be8fcfa8a3 SSDeep: 48:46FFBv8bNao56dq+/+YB5nl2GvFEFB5RwMcjp:4/4Fdn9lFvEB1cjp |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | 9.50 MB |
MD5:
d95cb3be7bab4c48efe494ef44492972
SHA1: 7fd2a0845abfdfacbd3f993b46f7415fa01fdd2b SHA256: dd54dedbe646e3e06cd4e084abf0d103f862dbf2e29715da5bfa6d40232cbb05 SSDeep: 196608:NwUPUvTYpH9lBl/tus7o4L7tZiTnp/jE4U/bxlLRx+c:N7UvTiJhU4L7tZiTnprP0txRsc |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | 1.42 KB |
MD5:
0635cdf96bbacd3d4a8671b1804c4e67
SHA1: d37242bbbf7970fa1334e10a162dd34a6b61193d SHA256: fedaf0ba550d1500eb031054a04abf5d779c27124a756d8f1c2fdcd8e5822fe1 SSDeep: 24:4LWBENtZjb1RZi/nhP+ZXa9OF+JoRW+J2UzseB6RMzR7HidY3FRqn1j/8UjYNdjZ:46ENtZjbLZifhGZXaqKUTBaMlbFun1jW |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | 1.84 KB |
MD5:
751e7b0d879201c21eb164ffdfff9cce
SHA1: a6804d5e917a454ceb5002e9527af0e5cc2cf195 SHA256: a9bcf07785771fe64ac8a5b5510d4103f5ccba26b2e577e872f1bbcfaa6daf1a SSDeep: 48:46iKB7qxjkeMqNFSXh/AkrQ2v98S4vEu5H9/8+ldie:4OYjT/WCkr5uRcu5Ha+h |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | 1.42 KB |
MD5:
f75f4b5dfd7aa5c07c8a57ec2576014f
SHA1: cf5b1566fe6fac670f3980f6b39dfb6647fb8c14 SHA256: c3b221278ff667a0eaad11e99531630e5e80327f924de624be017d069a8056fa SSDeep: 24:4LWBbedqrik2SNxC5oR54Jw6D1cYEL9aD0Rd7itJzsftRrB6A+0Uyibjlzs7:46b8qb6cYErgi4A+btflo |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | 1.57 KB |
MD5:
e9acb2e60d1b75eab153c46bc84096c9
SHA1: 9afcb0fcfe7b86f391a00fc2bc3201edfbf0cfb5 SHA256: 28d42d40c71ec2e2a08a77504ff9da83949cbc7eb98f8b66a428d380d404c412 SSDeep: 24:4LWBKaNmJNl8pp/8QRRkbb8g9WlMcV/I9B5MOI5fg2EC0oa+NAaVCyp7FhTfIW4Y:46KaYJNlc1kbHhj9vMgoacIWCBmlT |
|
|
| \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | 1.32 KB |
MD5:
1550289f98c2dea2643740f2d9484e46
SHA1: 31b5a518229813d21f8fbfbd4c9bd3e67c8d07bb SHA256: a59e44d4b991517c12b06038413c6e2658c95e74a0b0efa5016f24127b1f4774 SSDeep: 24:4LWBjIRjHFb4JZXw9OJDTiXTw6DhZgbLNjVKhmhQxORxxElzR5htfUCfBRcR5+KO:46Ehl8ZXwwDTiXavUkxsBUIcYK+Wm |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | 1.35 KB |
MD5:
3076b6c75b20e938b74fa29a4e74f128
SHA1: 14cb072ff96a6bb16827295ff18cb67fdf516914 SHA256: 180ca3f6fe46a03914f5c90c298fbdb39dfdc988e93126e392062b2db61c3623 SSDeep: 24:4LWBgR6HUZzgZNw9RiRe6F+JoRW+J2QdC1ND16eFWzspi8R181UgJi5N8mR5++Jc:46/sWwaeIKQd66eFDAMKWY+OUK |
|
|
| \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | 2.40 MB |
MD5:
8d002f7d05f06d719fa9be61de6c09d3
SHA1: 8ecb3097dc86818822011273b6e4217ea340fbb7 SHA256: 161abcf835ceb239080306e26fed2fe85f6d45787755aac72ddd2a3daf1f5e6b SSDeep: 49152:F0KDxL8QBoI9eljidTex4S120ytJyhaLz6CCHm:F0KR89EQ1oL |
|
|
Host Behavior
File (27646)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | COM3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\encrypted_key.bin | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$Recycle.Bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Boot | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Config.Msi\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Config.Msi\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Config.Msi\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Documents and Settings\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\hiberfil.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\pagefile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\PerfLogs\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\PerfLogs\Admin\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files (x86) | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\ProgramData | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Recovery | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\System Volume Information | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Application Data\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Cookies\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-b8ed06NfQhTvq.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0btaQ.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1pVnleanSe6dZ.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3FR Lb_ f2V10zJCIMwU.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7AfwQ_WZe5ha.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8NXhxVqPWZApB7mf10P.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bbrLRDiVR4aK12B.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bs03u4lh.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWPqI.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C0PIb-NmaAc\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C0PIb-NmaAc\d5e0LDbq40k.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C0PIb-NmaAc\dNFlC.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Di_Ol.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\5ZfGR6.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\qlvsXweN.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\V5bnknbXFXwTpuYS9lA1.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EM-nPgQgiqe.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\hsu8rBm.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\k6NcZ6.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nUCaoxSJGDbBwGg.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\POjT3zTlqeASX2xNZ7p3.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\s5y4B80lMsknweWF.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\T7OJftduh.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\u90ymI9Hqg28Pj.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uscKM_DAG.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vrdM-nn3b8n30TAETv.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Vsu1kVcnMFKdHgaN_.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XFXmNV.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YjbKWbGfUPiAJCh2P.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\z Zc8OQUt.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\AvhB.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\f3Rz.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\RcGAk8.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\wsK4_vIC.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_C DoIk-5qMbl6D4U.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-9EUb4L3399awCC.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-sYZrPllcrjp.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0XuUN9JSDSxREM7mzg.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1CPSd8G65 mEplw4.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1fa4gXhGRpk.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\42kP8_D45.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4IbpcE--KbmSfv_aJw.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5-LNj.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\75oGwdSHHuF.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9FD2k.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ABF0aLBG963m EkiYBX.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Af wdc6gvvB4GEoVYk.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bCDHTVqzQtWV-s-vy.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CJgE5Q8h.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ck2RvdL46QW.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eOS6C.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fbW9 _1X0mquhszFWG.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRahznHNzmVQcGokFi3z.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\h4QfJ9QJ.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HY4pujbA nt.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HZGDwyat6.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\i7of 8T7PV.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\JR-AYkanGK5K.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Kl3IC7RD7z_ajAiO5vBV.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kqtfQ 4.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\krvxET8yG61J.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MHHo2L.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mnhoo.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Music\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Pictures\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Videos\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ppL YIqpWbxmt.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QdST.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QET0P39t1ig.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RbWePpzKlxjr9wyTw.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rzfoGN.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\R_jYe.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S9sG.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\sUE4Q.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Vu7MfR CSR2doI1.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vUPtW2gF8fupWUB1q39.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WRxv J10fal AIubF_p.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\x7LCRCUH5cBT3GGn.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xfu8JL.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\y loQu8BI.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y-3aMvXXVW9zk0.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Z9EKzAcm_waypi6.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_hAwBj.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Local Settings\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\0hQ94n-AlC6zC.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\205MwCdyS2.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\54ogc bBmwrpDV.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\6yBdejWrQfHK.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7DvoJBiDAuOwV9aRK.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7IS-QtT4pGo B2diir1i.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7Zn8NHw.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\85QdGuFEKh_ij19tR zH.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Ep6PzOPMXmWhK.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\aE8vBxMNM0ogXQU.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\B4 268qSuWz8Dni.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\bIn9Vi8auN09sAD.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\cyEXlQvR.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\F-xaQllFqKoG1Hu-bD.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FemlKbIG24uCFgo8g.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\fF257d9Q198r.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Fqj-1mq-FePGZSSZz.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\gqSGuwgKIp_0Fn6.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Gzg_zoiv4ZdFNbh.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\IwC1j8G-.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\JG4AtxBqgeh.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\k9qgb2cgw-.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ka7y5RWO-SP.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\KtL8c1Tgl5DlvBpWYtYi.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\m C 6dAZpJmx2ctEFD.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\M9EDPa77CHOVaXJNhp.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\mDLB1QAVOk4m-OGU4.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ncQON.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\oYbiM1a5YLkH2Q.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\RqxxAWb1.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\TyBX_ 6bPOwTLUR64z.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vd_U Rp_hIMWKBhTIdY.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\vVIvjE.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WRrBh6ssG.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\WY6T.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\xGHzUDHE1kl.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\yK-UYFmKNUvJKD.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z4D_q0BB.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ZL_OLbuG0cQwHV_g.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\My Documents\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NetHood\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\f3gTFn8Ddo23uUVVU6Dv\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\f3gTFn8Ddo23uUVVU6Dv\3iwVhcV.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\f3gTFn8Ddo23uUVVU6Dv\b2WXR2hdnO-WLnuui20c.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\f3gTFn8Ddo23uUVVU6Dv\ckcV.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\f3gTFn8Ddo23uUVVU6Dv\WFeqvPD3 lBsDHA.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\f3gTFn8Ddo23uUVVU6Dv\X8Vg0.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\f3gTFn8Ddo23uUVVU6Dv\_1lwWOO_urs4Sfc0.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\lrcCxxiW6.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\uzo-m B66K9r\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\uzo-m B66K9r\lzNskaWS.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\uzo-m B66K9r\QrRRALhkNNCdEL.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\1kDt-\vaE2c-avK.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\AOU8EW.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\Bf1jRQgwMA_w.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\OQDsus71EbAl-\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\OQDsus71EbAl-\B9mL.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\OQDsus71EbAl-\FBqHelrpkSU_yZkm.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\OQDsus71EbAl-\JxggCLWGwyT0Emc.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\OQDsus71EbAl-\KeuQ0z2uM06GUynaN.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\OQDsus71EbAl-\Tlwoa CK-sZ0YiF.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\x2wS 5BwjRR.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\YH4mtHxOGxbcYGviW\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\YH4mtHxOGxbcYGviW\2Bp1MACvXug9OAI.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\YH4mtHxOGxbcYGviW\n8HbP.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4pgvi X8ath7_NzVFNz\YH4mtHxOGxbcYGviW\_mqfOPK.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4VBgo-2LU95yb.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7pJx-Q7T_OHlahI4i.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Hapy.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\KuR20VQSg7_2.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mblk6QA4YpU.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W2j2FTwmChPzAPOOj.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\PrintHood\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Recent\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\SendTo\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Start Menu\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Templates\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5b-rauuBAFILXx.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\3 Cpp7gx6860-sdJ_.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\36Z3anL9F9RN67MWK-oz.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\54qe3lx25Z2.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\73rO7P.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\BzO52bmUP.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\jx2XdH.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\Q2G8ryteF6QD.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\Qq7uzhKknaiCUKQichY.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\RlHh95l3rQOlip8CEFv.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\Sjv8FlA6Q2rz0veM.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7IumM\_OpYmX.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\F-vQc.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\GViR11LliRsbs3yfM.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\O4Q7eZnZeuaxMp7-4.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\POWvkTYEPKAII.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qDjEFmi9tRNCJfVVaJ7f\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qDjEFmi9tRNCJfVVaJ7f\--IY.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qDjEFmi9tRNCJfVVaJ7f\bK9arxkWqPb KaCnxTm.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qDjEFmi9tRNCJfVVaJ7f\gc1p-NqQ.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qDjEFmi9tRNCJfVVaJ7f\MPp1saO.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qDjEFmi9tRNCJfVVaJ7f\S7HOWpjWG29M1DjduZIk.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qDjEFmi9tRNCJfVVaJ7f\v3f-KV_ yPx.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\rpO7rc6Ia8sKvBM7Y2Om.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tmC.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\fIsGlFZuAL.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\H7iH8OTjw9.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\jGXkZgjW7Wy8jE.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\jx4HJThMR.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\LNe2swwwB2mJpF3D3.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\N6brUAP9kPaefea8.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\xbBlYLocxcF20GksjtID.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\tqX WlfzIDt33h1fI4\Zpobq4SBJ1J.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\W0X37OqcLbAzy4lPXJ.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\All Users | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\AppData | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Application Data\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Contacts\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Contacts\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Contacts\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Contacts\Administrator.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Contacts\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Cookies\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Desktop\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Desktop\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Desktop\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Documents\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Documents\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Documents\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Documents\My Music\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Documents\My Pictures\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Documents\My Videos\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Downloads\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Downloads\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Downloads\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Downloads\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Links\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Links\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Links\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Links\Web Slice Gallery.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Microsoft Websites\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\MSN Websites\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\MSN Websites\MSN Money.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\MSN Websites\MSN.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Windows Live\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Links\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Links\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Links\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Links\Desktop.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Links\Downloads.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Links\RecentPlaces.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Local Settings\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Music\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Music\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Music\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\My Documents\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\NetHood\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\NTUSER.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\NTUSER.DAT.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\NTUSER.DAT.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\NTUSER.DAT.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\ntuser.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Pictures\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Pictures\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Pictures\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\PrintHood\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Recent\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Saved Games\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Saved Games\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Saved Games\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Saved Games\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Searches\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Searches\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Searches\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Searches\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Searches\Everywhere.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Searches\Indexed Locations.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\SendTo\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Start Menu\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Templates\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Videos\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Videos\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Videos\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default\Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Default User\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Desktop\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Desktop\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Desktop\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Desktop\Google Chrome.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Documents\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Documents\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Documents\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Documents\My Music\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Documents\My Pictures\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Documents\My Videos\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Downloads\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Downloads\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Downloads\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Downloads\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Favorites\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Favorites\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Favorites\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Libraries\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Libraries\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Libraries\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Libraries\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Libraries\RecordedTV.library-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\Sample Music\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\Sample Music\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\Sample Music\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\Sample Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Recorded TV\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Recorded TV\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Recorded TV\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Recorded TV\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Recorded TV\Sample Media\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Recorded TV\Sample Media\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Recorded TV\Sample Media\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Videos\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Videos\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Videos\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Videos\Sample Videos\# DECRYPT MY FILES #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Videos\Sample Videos\. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Videos\Sample Videos\.. | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Tempdesk.bmp | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Move | \\?\C:\$Recycle.Bin.NHCR | source_filename = \\?\C:\$Recycle.Bin |
|
1 | |
| Move | \\?\C:\Boot.NHCR | source_filename = \\?\C:\Boot |
|
1 | |
| Move | \\?\C:\bootmgr.NHCR | source_filename = \\?\C:\bootmgr |
|
1 | |
| Move | \\?\C:\BOOTSECT.BAK.NHCR | source_filename = \\?\C:\BOOTSECT.BAK |
|
1 | |
| Move | \\?\C:\Config.Msi\..NHCR | source_filename = \\?\C:\Config.Msi\. |
|
1 | |
| Move | \\?\C:\Config.Msi\...NHCR | source_filename = \\?\C:\Config.Msi\.. |
|
1 | |
| Move | \\?\C:\hiberfil.sys.NHCR | source_filename = \\?\C:\hiberfil.sys |
|
1 | |
| Move | \\?\C:\MSOCache\..NHCR | source_filename = \\?\C:\MSOCache\. |
|
1 | |
| Move | \\?\C:\MSOCache\...NHCR | source_filename = \\?\C:\MSOCache\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\..NHCR | source_filename = \\?\C:\MSOCache\All Users\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\...NHCR | source_filename = \\?\C:\MSOCache\All Users\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\..NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\...NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\.. |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi |
|
1 | |
| Move | \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.NHCR | source_filename = \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml |
|
1 | |
| Move | \\?\C:\pagefile.sys.NHCR | source_filename = \\?\C:\pagefile.sys |
|
1 | |
| Move | \\?\C:\Program Files.NHCR | source_filename = \\?\C:\Program Files |
|
1 | |
| Move | \\?\C:\Program Files (x86).NHCR | source_filename = \\?\C:\Program Files (x86) |
|
1 | |
| Move | \\?\C:\ProgramData.NHCR | source_filename = \\?\C:\ProgramData |
|
1 | |
| Move | \\?\C:\Recovery.NHCR | source_filename = \\?\C:\Recovery |
|
1 | |
| Move | \\?\C:\System Volume Information.NHCR | source_filename = \\?\C:\System Volume Information |
|
1 | |
| Move | \\?\C:\Users\..NHCR | source_filename = \\?\C:\Users\. |
|
1 | |
| Move | \\?\C:\Users\...NHCR | source_filename = \\?\C:\Users\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\AppData |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-b8ed06NfQhTvq.png.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-b8ed06NfQhTvq.png |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0btaQ.gif.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0btaQ.gif |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1pVnleanSe6dZ.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1pVnleanSe6dZ.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3FR Lb_ f2V10zJCIMwU.swf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3FR Lb_ f2V10zJCIMwU.swf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7AfwQ_WZe5ha.swf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7AfwQ_WZe5ha.swf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8NXhxVqPWZApB7mf10P.swf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8NXhxVqPWZApB7mf10P.swf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bbrLRDiVR4aK12B.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bbrLRDiVR4aK12B.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bs03u4lh.exe.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bs03u4lh.exe |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWPqI.bmp.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWPqI.bmp |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C0PIb-NmaAc\d5e0LDbq40k.png.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C0PIb-NmaAc\d5e0LDbq40k.png |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C0PIb-NmaAc\dNFlC.mp4.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C0PIb-NmaAc\dNFlC.mp4 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Di_Ol.flv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Di_Ol.flv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\5ZfGR6.odp.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\5ZfGR6.odp |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\qlvsXweN.flv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\qlvsXweN.flv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\V5bnknbXFXwTpuYS9lA1.mp3.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E8 kE88i1W3QwH\V5bnknbXFXwTpuYS9lA1.mp3 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EM-nPgQgiqe.gif.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EM-nPgQgiqe.gif |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\hsu8rBm.flv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\hsu8rBm.flv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\k6NcZ6.csv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\k6NcZ6.csv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nUCaoxSJGDbBwGg.flv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nUCaoxSJGDbBwGg.flv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\POjT3zTlqeASX2xNZ7p3.mkv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\POjT3zTlqeASX2xNZ7p3.mkv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\s5y4B80lMsknweWF.avi.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\s5y4B80lMsknweWF.avi |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\T7OJftduh.docx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\T7OJftduh.docx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\u90ymI9Hqg28Pj.mkv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\u90ymI9Hqg28Pj.mkv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uscKM_DAG.wav.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uscKM_DAG.wav |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vrdM-nn3b8n30TAETv.mp4.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vrdM-nn3b8n30TAETv.mp4 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Vsu1kVcnMFKdHgaN_.mp3.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Vsu1kVcnMFKdHgaN_.mp3 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XFXmNV.mp3.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XFXmNV.mp3 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YjbKWbGfUPiAJCh2P.m4a.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YjbKWbGfUPiAJCh2P.m4a |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\z Zc8OQUt.rtf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\z Zc8OQUt.rtf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\AvhB.mkv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\AvhB.mkv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\f3Rz.ppt.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\f3Rz.ppt |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\RcGAk8.mp3.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\RcGAk8.mp3 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\wsK4_vIC.mp4.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_BbTYNGdbH5Er5Ql6fD\wsK4_vIC.mp4 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_C DoIk-5qMbl6D4U.jpg.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_C DoIk-5qMbl6D4U.jpg |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-9EUb4L3399awCC.docx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-9EUb4L3399awCC.docx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-sYZrPllcrjp.docx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-sYZrPllcrjp.docx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0XuUN9JSDSxREM7mzg.rtf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0XuUN9JSDSxREM7mzg.rtf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1CPSd8G65 mEplw4.xls.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1CPSd8G65 mEplw4.xls |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1fa4gXhGRpk.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1fa4gXhGRpk.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\42kP8_D45.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\42kP8_D45.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4IbpcE--KbmSfv_aJw.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4IbpcE--KbmSfv_aJw.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5-LNj.csv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5-LNj.csv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\75oGwdSHHuF.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\75oGwdSHHuF.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9FD2k.pdf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9FD2k.pdf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ABF0aLBG963m EkiYBX.xlsx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ABF0aLBG963m EkiYBX.xlsx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Af wdc6gvvB4GEoVYk.rtf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Af wdc6gvvB4GEoVYk.rtf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bCDHTVqzQtWV-s-vy.ods.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bCDHTVqzQtWV-s-vy.ods |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CJgE5Q8h.csv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CJgE5Q8h.csv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ck2RvdL46QW.pdf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ck2RvdL46QW.pdf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eOS6C.xls.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eOS6C.xls |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fbW9 _1X0mquhszFWG.doc.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\fbW9 _1X0mquhszFWG.doc |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRahznHNzmVQcGokFi3z.doc.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRahznHNzmVQcGokFi3z.doc |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\h4QfJ9QJ.xlsx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\h4QfJ9QJ.xlsx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HY4pujbA nt.pps.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HY4pujbA nt.pps |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HZGDwyat6.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HZGDwyat6.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\i7of 8T7PV.docx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\i7of 8T7PV.docx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\JR-AYkanGK5K.docx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\JR-AYkanGK5K.docx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Kl3IC7RD7z_ajAiO5vBV.xlsx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Kl3IC7RD7z_ajAiO5vBV.xlsx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kqtfQ 4.xlsx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kqtfQ 4.xlsx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\krvxET8yG61J.docx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\krvxET8yG61J.docx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MHHo2L.odp.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MHHo2L.odp |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mnhoo.odp.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mnhoo.odp |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\desktop.ini.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\desktop.ini |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ppL YIqpWbxmt.csv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ppL YIqpWbxmt.csv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QdST.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QdST.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QET0P39t1ig.xlsx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QET0P39t1ig.xlsx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RbWePpzKlxjr9wyTw.docx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RbWePpzKlxjr9wyTw.docx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rzfoGN.docx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rzfoGN.docx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\R_jYe.odt.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\R_jYe.odt |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S9sG.ots.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S9sG.ots |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\sUE4Q.xls.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\sUE4Q.xls |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Vu7MfR CSR2doI1.odp.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Vu7MfR CSR2doI1.odp |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vUPtW2gF8fupWUB1q39.xlsx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vUPtW2gF8fupWUB1q39.xlsx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WRxv J10fal AIubF_p.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WRxv J10fal AIubF_p.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\x7LCRCUH5cBT3GGn.csv.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\x7LCRCUH5cBT3GGn.csv |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xfu8JL.rtf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xfu8JL.rtf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\y loQu8BI.pdf.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\y loQu8BI.pdf |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y-3aMvXXVW9zk0.xls.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Y-3aMvXXVW9zk0.xls |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Z9EKzAcm_waypi6.pptx.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Z9EKzAcm_waypi6.pptx |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_hAwBj.ods.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_hAwBj.ods |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\..NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\...NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\.. |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\0hQ94n-AlC6zC.wav.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\0hQ94n-AlC6zC.wav |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\205MwCdyS2.wav.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\205MwCdyS2.wav |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\54ogc bBmwrpDV.mp3.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\54ogc bBmwrpDV.mp3 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\6yBdejWrQfHK.mp3.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\6yBdejWrQfHK.mp3 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7DvoJBiDAuOwV9aRK.m4a.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7DvoJBiDAuOwV9aRK.m4a |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7IS-QtT4pGo B2diir1i.m4a.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7IS-QtT4pGo B2diir1i.m4a |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7Zn8NHw.m4a.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\7Zn8NHw.m4a |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\85QdGuFEKh_ij19tR zH.mp3.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\85QdGuFEKh_ij19tR zH.mp3 |
|
1 | |
| Move | \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Ep6PzOPMXmWhK.m4a.NHCR | source_filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Ep6PzOPMXmWhK.m4a |
|
1 | |
|
For performance reasons, the remaining 1270 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (1)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\ÁD | - |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | vssadmin.exe | show_window = SW_HIDE |
|
1 |
Module (127)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | MSVCRT.dll | base_address = 0x74e10000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | USER32.dll | base_address = 0x74f40000 |
|
1 | |
| Load | GDI32.dll | base_address = 0x75ad0000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x74d40000 |
|
1 | |
| Load | SHELL32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x75340000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77130000 |
|
2 | |
| Load | MPR.dll | base_address = 0x73ae0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
12 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\desktop\bs03u4lh.exe | base_address = 0x400000 |
|
2 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77130000 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\bs03u4lh.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bs03u4lh.exe, size = 260 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x76c34f2b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x76c31252 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x76c34208 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x76c3359f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EncodePointer, address_out = 0x77170fcb |
|
8 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DecodePointer, address_out = 0x77169d35 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x76c35235 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = rand, address_out = 0x74e1c070 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = memset, address_out = 0x74e19790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcatW, address_out = 0x76c5828e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpW, address_out = 0x76c35929 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileW, address_out = 0x76c49af0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpA, address_out = 0x76c4eceb |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalFree, address_out = 0x76c35558 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalLock, address_out = 0x76c4d0a7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalUnlock, address_out = 0x76c4cfdf |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitThread, address_out = 0x7718d598 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentVariableW, address_out = 0x76c31b48 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultLangID, address_out = 0x76c4d5fd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x76c35a4b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x76c314c9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x76c314e9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x7715e026 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x76c3195e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x76c31222 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x76c3588e |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = ReleaseDC, address_out = 0x74f57446 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = SystemParametersInfoW, address_out = 0x74f590d3 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetDesktopWindow, address_out = 0x74f60a19 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetDC, address_out = 0x74f572c4 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetWindowRect, address_out = 0x74f57f34 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = CreateCompatibleBitmap, address_out = 0x75ae5f49 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = SaveDC, address_out = 0x75ae6e05 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = CreateFontA, address_out = 0x75aed0e8 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = SelectObject, address_out = 0x75ae4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = CreateCompatibleDC, address_out = 0x75ae54f4 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = SetPixel, address_out = 0x75aeccee |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = BitBlt, address_out = 0x75ae5ea6 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = CreateDCW, address_out = 0x75aee743 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = GetStockObject, address_out = 0x75ae4eb8 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = GetDIBits, address_out = 0x75ae6001 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = GetDeviceCaps, address_out = 0x75ae4de0 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = DeleteDC, address_out = 0x75ae58b3 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = SetTextColor, address_out = 0x75ae522d |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = TextOutA, address_out = 0x75aeeda3 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = SelectPalette, address_out = 0x75ae5a86 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = GetObjectW, address_out = 0x75ae6c3a |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = SetBkColor, address_out = 0x75ae52d8 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = RestoreDC, address_out = 0x75ae6ead |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = DeleteObject, address_out = 0x75ae5689 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = RealizePalette, address_out = 0x75aeb001 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = SetTextAlign, address_out = 0x75ae8401 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenRandom, address_out = 0x74d4dfc8 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x74d4c51a |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextA, address_out = 0x74d491dd |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x74d6779b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptImportKey, address_out = 0x74d4c532 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptReleaseContext, address_out = 0x74d4e124 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x74d4df14 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteExW, address_out = 0x75ff1e46 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrW, address_out = 0x7534e52d |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrA, address_out = 0x7536c45b |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = wnsprintfW, address_out = 0x7536ef87 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlLeaveCriticalSection, address_out = 0x77152270 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlEnterCriticalSection, address_out = 0x771522b0 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetAddConnection2W, address_out = 0x73ae4744 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x73ae2f06 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCancelConnection2W, address_out = 0x73ae8cd1 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x73ae3058 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x73ae2dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlCreateProcessParametersEx, address_out = 0x7717bd9b |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtWow64ReadVirtualMemory64, address_out = 0x771520f4 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtWow64QueryInformationProcess64, address_out = 0x771520dc |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | user_name_out = 5p5NrGJn0jS HALPmcxz |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Set Attribute | - | index = -20, new_long = 128 |
|
1 |
System (70)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Cursor | x_out = 450, y_out = 213 |
|
2 | |
| Get Cursor | x_out = 1232, y_out = 622 |
|
2 | |
| Get Cursor | x_out = 1419, y_out = 187 |
|
1 | |
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
60 | |
| Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Get Time | type = System Time, time = 2019-05-21 16:14:00 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 184736 |
|
1 | |
| Get Time | type = Performance Ctr, time = 23765130671 |
|
1 |
Environment (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 | |
| Get Environment String | name = APPDATA, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming |
|
1 | |
| Get Environment String | name = TEMP, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp |
|
1 |
Process #2: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet |
| Initial Working Directory | C:\Windows\System32\ |
| Monitor | Start Time: 00:02:26, Reason: Child Process |
| Unmonitor | End Time: 00:03:03, Reason: Self Terminated |
| Monitor Duration | 00:00:37 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6d0 |
| Parent PID | 0xb8c (c:\users\5p5nrgjn0js halpmcxz\desktop\bs03u4lh.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
41C
0x
184
0x
858
0x
7E0
0x
890
|
Process #3: vssvc.exe
3
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\vssvc.exe |
| Command Line | C:\Windows\system32\vssvc.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:29, Reason: RPC Server |
| Unmonitor | End Time: 00:03:34, Reason: Self Terminated |
| Monitor Duration | 00:01:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x324 |
| Parent PID | 0x1cc (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
898
0x
688
0x
55C
0x
6AC
0x
7E4
0x
8B0
0x
8C0
0x
604
0x
954
0x
110
|
Host Behavior
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-21 16:14:29 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 213580 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27053753066 |
|
1 |
