9da7d298691613a398e26ac3c4c4e4e9c93069d2162fa6639901dd7c62774ef5 (SHA256)
T1.exe
Windows Exe (x86-32)
Created at 2019-01-24 16:56:00
Notifications (2/5)
Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
The overall sleep time of all monitored processes was truncated from "17 minutes, 5 seconds" to "2 minutes, 40 seconds" to reveal dormant functionality.
The operating system was rebooted during the analysis.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: t1.exe
7160
375
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\t1.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:44, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:15, Reason: Self Terminated |
| Monitor Duration | 00:01:31 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf68 |
| Parent PID | 0x57c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F6C
0x
F70
0x
F98
0x
F9C
0x
FEC
0x
C3C
0x
51C
0x
7B8
0x
4B8
0x
2F4
0x
CC0
0x
A3C
0x
D08
0x
D54
0x
D9C
0x
D1C
0x
E58
0x
C14
0x
618
0x
75C
0x
54C
0x
7C4
0x
200
0x
E34
0x
5C0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| t1.exe | 0x00a70000 | 0x00a7bfff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000a80000 | 0x00a80000 | 0x00a9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000a80000 | 0x00a80000 | 0x00a8ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a93fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ab0000 | 0x00ab0000 | 0x00ac3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00b0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b10000 | 0x00b10000 | 0x00c0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c10000 | 0x00c10000 | 0x00c13fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c31fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00c40000 | 0x00cfdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d60000 | 0x00d60000 | 0x00d6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d7ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d9ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000da0000 | 0x00da0000 | 0x00daffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000db0000 | 0x00db0000 | 0x00dbffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dcffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000de0000 | 0x00de0000 | 0x00edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00f2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f3ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f4ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f9ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00faffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x010bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000010c0000 | 0x010c0000 | 0x011bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000011c0000 | 0x011c0000 | 0x011cffff | Private Memory | - |
|
|
|
- |
| private_0x00000000011d0000 | 0x011d0000 | 0x011dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000011e0000 | 0x011e0000 | 0x011effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000011f0000 | 0x011f0000 | 0x01377fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001380000 | 0x01380000 | 0x01500fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001510000 | 0x01510000 | 0x0290ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002910000 | 0x02910000 | 0x029affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000029b0000 | 0x029b0000 | 0x029dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000029e0000 | 0x029e0000 | 0x029effff | Private Memory | - |
|
|
|
- |
| private_0x00000000029f0000 | 0x029f0000 | 0x029fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000002a00000 | 0x02a00000 | 0x02a0ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x0000000002a10000 | 0x02a10000 | 0x02a10fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002a10000 | 0x02a10000 | 0x02a13fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002a20000 | 0x02a20000 | 0x02a23fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a30000 | 0x02a30000 | 0x02a3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a40000 | 0x02a40000 | 0x02a4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a50000 | 0x02a50000 | 0x02a5ffff | Private Memory | rw |
|
|
|
- |
| accessibility.dll | 0x02a50000 | 0x02a59fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000002a60000 | 0x02a60000 | 0x02a6ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002a70000 | 0x02a70000 | 0x02a7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a80000 | 0x02a80000 | 0x04a7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a80000 | 0x04a80000 | 0x04b7ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x04b80000 | 0x04eb6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004ec0000 | 0x04ec0000 | 0x04f8ffff | Private Memory | rw |
|
|
|
- |
| microsoft.visualbasic.dll | 0x04ec0000 | 0x04f5bfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000004f60000 | 0x04f60000 | 0x04f6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004f70000 | 0x04f70000 | 0x04f71fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004f80000 | 0x04f80000 | 0x04f8ffff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x04f90000 | 0x0501efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004f90000 | 0x04f90000 | 0x0501ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004f90000 | 0x04f90000 | 0x04fcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004fd0000 | 0x04fd0000 | 0x04fdffff | Private Memory | - |
|
|
|
- |
| private_0x0000000004fe0000 | 0x04fe0000 | 0x04feffff | Private Memory | - |
|
|
|
- |
| private_0x0000000004ff0000 | 0x04ff0000 | 0x04ff3fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005000000 | 0x05000000 | 0x05003fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005010000 | 0x05010000 | 0x0501ffff | Private Memory | rw |
|
|
|
- |
| system.drawing.dll | 0x05020000 | 0x050affff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000050b0000 | 0x050b0000 | 0x0523ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000050b0000 | 0x050b0000 | 0x05167fff | Pagefile Backed Memory | r |
|
|
|
- |
| system.runtime.remoting.dll | 0x05170000 | 0x051c3fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000051d0000 | 0x051d0000 | 0x051dffff | Private Memory | - |
|
|
|
- |
| windowsshell.manifest | 0x051e0000 | 0x051e0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000051e0000 | 0x051e0000 | 0x051effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000051e0000 | 0x051e0000 | 0x051e0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000051f0000 | 0x051f0000 | 0x051f1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005200000 | 0x05200000 | 0x05223fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000005200000 | 0x05200000 | 0x0520ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005210000 | 0x05210000 | 0x0521ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005230000 | 0x05230000 | 0x0523ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005240000 | 0x05240000 | 0x0533ffff | Private Memory | rw |
|
|
|
- |
| ~fontcache-system.dat | 0x05340000 | 0x053b5fff | Memory Mapped File | r |
|
|
|
- |
| system.windows.forms.dll | 0x05430000 | 0x058c7fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000058d0000 | 0x058d0000 | 0x05e4efff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005e50000 | 0x05e50000 | 0x05f4ffff | Private Memory | rw |
|
|
|
- |
| ~fontcache-fontface.dat | 0x05f50000 | 0x06f4ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000006f50000 | 0x06f50000 | 0x0704ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000007050000 | 0x07050000 | 0x07541fff | Pagefile Backed Memory | rw |
|
|
|
- |
| micross.ttf | 0x07550000 | 0x0760bfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000007610000 | 0x07610000 | 0x07a0ffff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x07a10000 | 0x07c14fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000007a10000 | 0x07a10000 | 0x07eedfff | Pagefile Backed Memory | rw |
|
|
|
- |
| staticcache.dat | 0x07ef0000 | 0x08f2ffff | Memory Mapped File | r |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x71b00000 | 0x71d08fff | Memory Mapped File | rwx |
|
|
|
- |
| dwrite.dll | 0x71d10000 | 0x71efffff | Memory Mapped File | rwx |
|
|
|
- |
| gdiplus.dll | 0x71f00000 | 0x7206afff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x72070000 | 0x72101fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x72110000 | 0x72abcfff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x72ac0000 | 0x72b3cfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x72b40000 | 0x73d6afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x73d70000 | 0x73e64fff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x73e70000 | 0x74517fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x74520000 | 0x74527fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x74530000 | 0x745a7fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x745b0000 | 0x74608fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74610000 | 0x7462cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x746b0000 | 0x74740fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x770d0000 | 0x77161fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77170000 | 0x77259fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffff | Private Memory | - |
|
|
|
- |
| private_0x0000000080000000 | 0x80000000 | 0x8000ffff | Private Memory | - |
|
|
|
- |
| private_0x00000000ff1f0000 | 0xff1f0000 | 0xff1fffff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000ff200000 | 0xff200000 | 0xff24ffff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000ff25a000 | 0xff25a000 | 0xff25cfff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff25d000 | 0xff25d000 | 0xff25ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000ff260000 | 0xff260000 | 0xff35ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000ff360000 | 0xff360000 | 0xff382fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000ff383000 | 0xff383000 | 0xff385fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff386000 | 0xff386000 | 0xff388fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff389000 | 0xff389000 | 0xff389fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff38c000 | 0xff38c000 | 0xff38cfff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff38d000 | 0xff38d000 | 0xff38ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fffe0000 | 0xfffe0000 | 0x7ffc57b4ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 159 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll | 1.09 MB |
MD5:
fdd6b166fb4115d4219b6295e749af8a
SHA1: 7ca65600b24b516d961d4c19661c7ccad6633300 SHA256: 5b261e787b477df6417c329386c5084eee7377f3143e3366cb74f824cf53e1be SSDeep: 24576:8o10ZG5bDu2kFrJ+ukpjeKpRJbF0jPqcnvTgDOnjJudb:860ZeDu2kpOJbF07RsDb |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp | 0.41 KB |
MD5:
2f9be6fc770fd9b671ce10e7821ed2ca
SHA1: 3ef9e47e6309f04da3647adfa490cdfb22983196 SHA256: ad7362c2f0011cba758f2ac0d4d6bafd6bc54700e8837e869c60b798a9c5712a SSDeep: 6:ZrfZn2OehOw6XB8dLdGoj11+KqKN3KUPeoXkfId1AW+HFgHxKVI2NCwDf6Ox8NpF:ZZn9Y8Wx71UKZKhoXkgdKW+lLVZ6hpMC |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp | 0.38 KB |
MD5:
9be4a557b58306b203ebe9e71b37f013
SHA1: 6d3cdcd15dc778c563e302f46b7bf8cc499654d1 SHA256: 83ba830cb262158b92fcf1ae17cd8da627c9f00ce3695db76933f13f7e76aa22 SSDeep: 6:wsabsfOU668kORuuUtSFnQRa430N+tSDIwI5w3HcJ/xU9Qeo3qss+gb7:waG68kOLUEeRa430XPI5w3HcJJaoassN |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | 345.59 KB |
MD5:
08fe7e98d10290c46e1ad4bce2314138
SHA1: c5d07f32b3a62c7161317abbb65ef2c8128fd8fc SHA256: 20ce401231cb43e04a484a744ea5a2a0879e30d127b5695663f8b62230339141 SSDeep: 6144:q876/QXxbnMtw29VUCYF5J00f3jj8hNBvqpGkd8z5yJVE8bCNRtDMdwf:j4QBbM+29V7Sjj8hNpcJ2Eb9CaGf |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll | 371.02 KB |
MD5:
7a953f8c57badec84b54ac1c3e0b3bbb
SHA1: 331abcdef4c7655c49c10b4327893dcc6faed0c6 SHA256: 74460e7520230056c8bc04838f2a6fbe0398e77fdd56778cdc4b8f36a8ab00af SSDeep: 6144:Kl86dYMp9eGj6OqshaLK2FlVgOWS4qGQsnafdTBxmm1pRO5BT9r+7iZ5gBWPvSL0:rm6O0LK+l6alTDmipRyBdw0gBWiL6eo |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp | 0.44 KB |
MD5:
6120344828d6b073428a2d7f7fc89fcc
SHA1: 999d7b4eaabff28d99ca892540dbc573e56059b2 SHA256: 4e500643942244bf996077df6a1cc8a01a6fe4bfc20eefe17d80e927a107538a SSDeep: 12:dMXi4YK23Aa9X0jIyQmvjI6bVJVZ5fBHxBGv0GaeHiKJ8:hT3f981QmbIs/x3/GayX8 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak | 0.02 KB |
MD5:
43b71338b2d6a156f59ed90bac092655
SHA1: 42489fae52683e1c4a56c3f14f22e7440b3bdf2e SHA256: 63774f172e90688f5ce989fdb8dd591819847fdb1d0af7156032675216634ddc SSDeep: 3:Twpo:Twpo |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | 7.20 KB |
MD5:
c4e95b7b0a15d7da952006c554237f23
SHA1: ae9f1ef1412fe9bf3611f086778c261885c1f10e SHA256: 0b4dc603b73b1f361f0de0c1359eccaa10912f0ced09e55e898b8e2a973a55ef SSDeep: 192:U8ziMEwkxmDr42wp167hR7xTv5t4T614a:DeikxmD82wu77t4ej |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | 475.20 KB |
MD5:
2487cc4ed553cf15439afde15f5f6e39
SHA1: 65069363488c439f8ecf27eb897f296ace480412 SHA256: d009a0426c32b4bf9be13061a96a8311b6664ecf2c8f6fd3785139fdcc8c6eaa SSDeep: 6144:23NONJb2ksVIKBUbTazVV4Invs/47lBhh08n0wHpj8LReUegJVKAfNTzhS/ol:8AJb2ksbBKT7InlXhhrvpYL+eVK6hSwl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory | 0.02 KB |
MD5:
9f6d2b955852ba0afe9442e2f24ff94f
SHA1: 56f964d2068062f9babadeb2d8e05905e9f1a4e3 SHA256: 084595ffc38547101ceb9d51459e717769a022496548caf14b5909070b83f198 SSDeep: 3:lAvoY2Vn:lBY8n |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | 249.25 KB |
MD5:
db81a4cc64ecc6efc2d9f5f9fe0392f0
SHA1: 145e6c3da6168948b4c0e322eafc0eb685c7934f SHA256: 613764f2ebf252c0ac302bded9c9ff8eb452c520ffea1c18b33c8f6d747aa03e SSDeep: 3072:UNz+rd6WkETMTIoOMWU6hJRAP5AG31K4ax9NY2o3akcq5f09KMFau7YV:UJ+rdnTMTpOjEcx9Ndo3aktxMV7YV |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp | 0.30 KB |
MD5:
8e9650c6436e0bb9fea5a057dfd5e3dd
SHA1: b55b9c6f451df4973665bc20b7c5d157f2762d83 SHA256: 46644cb2c1864ad070872f07c0468587808bcccaafd6639ca982ea29a22029e3 SSDeep: 6:M0XW6H5EtHWN502nbHhr1GnH7NiItAWgCdqUns3cGsHG8Wdn:MqW85d0mbB5GHBiItAC8cGsHGFd |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hGiFShE.mp3 | 93.05 KB |
MD5:
eb8702bd5cc75a3fbf3c2d192c959124
SHA1: a115bcbc4eff814f12e4a4abe3488cf040618cc9 SHA256: e20c735c30300dea8511282039317a69b404246313a528bffc2816aa8d970ee1 SSDeep: 1536:HpPEErhSjg4qFkLMGYlbfPQgOGszA+PML24ZqQBh+ryOGdKjVih9MXvKO:JPzSjgrFk7YvYA+PMaQrcVhioXyO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3 | 5.86 KB |
MD5:
f6c073668cbd01dd84456d91758e0c36
SHA1: 550c9d5448f4573036c8490c21e499848a21a459 SHA256: e630dafb607ad62db0d12c0d11be746c9934988780718dcfbc3de689f0fa86c9 SSDeep: 96:LG8MpFRVvV/gWlsbXfTJYld1Ehxn99SEbriF/b6Esx5MbKUwy6IJ3BUTv2RQdnib:e7/m1vtYCNOAWF/3HKUwSNBA2R67q |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | 2.12 MB |
MD5:
293aa77b13e80830945066109567222f
SHA1: d616de8c88ac806e2d52432829847444657549d9 SHA256: 6e442d11b051d77be7d3ff54c57b51e7247a76b2b42a5692205387caae101a53 SSDeep: 24576:yk5lZjpB2qb2OAuipt4kBZOotV2b9sS+KcMNfxQ8jrpfyoDquMnynLhbovCXbDmE:DXZmEWRptBBcYIsrMT9fyoyKUacDc |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll | 932.00 KB |
MD5:
a167681209fbb4e02565a5347db50b84
SHA1: 28ca3c3b2fcad97bcd19feb7ffcd03a789278b4e SHA256: 47cc1991dfefb3785c2273152929ec6532561365d7762efc7248ac65cd14b8ec SSDeep: 24576:nZWT82lCpfae+5ffU/EhxQrxLNRBI/te/:MlUpV/HxLNRBiM |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp | 0.41 KB |
MD5:
ee9ec229a84cb8619152c462052c0a04
SHA1: f568abde33e4bc549e34f596f2366c03de9204fb SHA256: a015b0f141419e42780d848b559c4e346c85300fd64cbbba277130c85c95f791 SSDeep: 12:w0imGNJVwb+EMItSa0ayQVDKDso4poj+1:wTe6EMvAXPpojm |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll | 744.67 KB |
MD5:
c99fc892209f93c0c92a822913976405
SHA1: 88afd282d7c78bf3bbf4c82b7c728e5a2f66909c SHA256: b045ffedd7061b56420fa0f8e4692399d0b043ad670f4f90963e7fa71cf88821 SSDeep: 12288:b+t6ra6TPCXnA3CwbFjosTL8JQbf5/bAyb0qNFYEDtFR7x/COKF5ZZGBaYaa7siX:qtMTPCX1wWsTLqQbRRdNFYEDtFR7x/C4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | 483.16 KB |
MD5:
61926edeaf59a1b2a53df036ee8faf93
SHA1: 461ae3316b08ba46f0ef5fec68b632a36e1a0a3a SHA256: 7e306b306e70815cdab9c5972f6db829622b8afac03b656ae7d066dcd627a819 SSDeep: 12288:U+xOtPn1K8yHLepn6AGoFawUCwjCJif2Un3Y:UGOJngfrexGoUNCwjM61nI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | 0.03 KB |
MD5:
9418497ff809afb3072c84d7a84408ea
SHA1: b19d728da3b4860e98794bcc470c55a6d731bb9d SHA256: 9e4ca365f628e8f8e219dd34ac124ecc9ec61e196175a650946720e54038f504 SSDeep: 3:3UMnkA79fKTn:EMkAB0n |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll | 16.67 KB |
MD5:
54b02228ddea710652a742c9074bcdc2
SHA1: f8b49b4698ea3d9375f0f9713267ec2e4869d338 SHA256: d81996fab7e92566302dec40c2e74c088f38d118362f2af4f0a4956623c9f537 SSDeep: 384:/a0jZ0SOSF3kkHhdVKpv9mPNGu3hRqrdP/7Ho:/Jsk3tHhdV89mPvRqrd7I |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gwX91CRt0Sj.mp3 | 30.27 KB |
MD5:
4ac2fdbe8cd13f11f30652eb9f253f2c
SHA1: 2fb4f787b1ef1255ba4d14a94c7a4466cae4e6e3 SHA256: 3983b78070a1edefa31b3af55de9e52911f5f2b558449059ee919f8cdc7bbbd7 SSDeep: 768:PtjKL7ogEblJLL9nN15PZqTQB9scpgqcQ1xTUF0X0LJzC5:PtjKHoTnLLR9Z52m5pxl6C5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TP9I5YPYS.bmp | 27.66 KB |
MD5:
07c291e83e6d5c83e13ebed73f77fd26
SHA1: 6d2916b66760a413ee53ced44c6b334783a2b25f SHA256: b93b5f3982eabcd69f200ea5a025986da1a75180957c90f8410ebcbd92a03161 SSDeep: 768:JR+2KlFINrIINzZ+iQl3EqbIylMMNLfQrL:z/NrIINcipqbIgMKLYrL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | 196.02 KB |
MD5:
44b642b3d4c23c8e8c4e99800c8ffbb8
SHA1: 7c53c72eb688b5cc4cf30296d11dceb9e130a190 SHA256: 4aac86f4841b0d76b333534b8e25faae2bfa6dae9cffc0d0815ccca7a21968f6 SSDeep: 384:N1aRGMr/rumfqUcwksLZHbCvG3kphQeBbEe1KVJWbjTo5:3irumyUPY3phQep1GJWs5 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll | 2.01 MB |
MD5:
753c7953956b0df3135ac85da7ee0868
SHA1: 12a7951fda2741a34e31fa64cbd787eed6bc17d0 SHA256: e4aa4083d4abd94aa8c0a858b3e0be2304a6cbe94fdce948e75abe18a3c4ad18 SSDeep: 49152:bOoalGmkqwThXih1t4jbZ9Y0FhTG4ILGh8tmz:baVBwZWt4PZ9LqGytmz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc | 9.39 KB |
MD5:
0669ce1122e959608a5e44ae88a038bf
SHA1: 125ba79ece9bc63a14292b12e6bceb36515d4389 SHA256: f387b8cfc9d150967f9a2db7b8430195ae038cbec359288705f4ee31195b464b SSDeep: 192:zvboLFe/hfQ122KVyw9s6RXMCjXWuGfFwC4JeI1goHSfoV5z:zvOFeJmkV9NfbWrfFwC4JeGyfQt |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll | 154.50 KB |
MD5:
2a6506544c7146ee8d62aa920266fb7b
SHA1: 9ad09f30571699470a1c4f1e6704255548b69ccf SHA256: 3a16026919a3001e085202cebb4fee55bd948b02386b6006cdd4e0f98579392b SSDeep: 3072:ZBWzzJUCGYTPkfn5rqtFtfUJ0Und+TFPycpPnPO+PZRAiLOA6:ZEzJiYTcf5mtfUxAt7uwZRAiLOh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | 5.08 KB |
MD5:
370b88ecf2fbaa7c6c258b25c2365e32
SHA1: 25c832180d1b157b7ffb29b96a1b911077b6d6e8 SHA256: ebf34eb4183da9cd83bba5b0ccdf610bf7d7a6b3beb72662bf99f2695a16eeb2 SSDeep: 24:UEc1azjBXP2PSlfjH6EQzibZyZfdvJHKf6:UEc1aztXOP2jaMZmFJHKf6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | 325.80 KB |
MD5:
5312ebbbb4d928dd3d29c584efc6c280
SHA1: f8ffbb17c8b990afffc44798424dc550e52bf03d SHA256: d15dec04827ac77082b32715adf53c34a5a3c8310466b3aaede2ffc30297e270 SSDeep: 6144:YZIVbfsabSCMBXhw5P4D/yWw6mosq+Xo39hAnABvHQ5wu7vpUnHJShERGNHK7U7P:YZIVbfsabSCMBXhw5P4D/yWwx3FXo39y |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Global.LNK | 1.48 KB |
MD5:
3771f4cc41c983a34fb670b6c9261de6
SHA1: 5061e75c18a21a919a19627150f55d9ac7245af7 SHA256: 6e5e62904e181c0dcbefa6ea90db12bd8dcfa83a8ceaead06d57758cb4479575 SSDeep: 24:Sv/UG071bAELSwnriFCbippvbHBvk753ROeoeW8CSlJWB9cI4rTOMeHjx1pxOrWx:SUG61bBLSwricippTRkl3Jop8Rab4r+B |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PiQQ2Af9SozQW.bmp | 8.36 KB |
MD5:
87450d13b9c68ff2f2b395a7e4eb5304
SHA1: f41c582f0f41f85fda0cdeb400f1b91f91788bea SHA256: feb2be19cda155732f11a60dee49c37db3bade36223b9a9b4cf85477b8a42935 SSDeep: 192:YWPrlHXZjpWa9eB7/MqlamOdhCeuUw3i6QiPF8ZYHYa+zO/:YWPrlHX6PxF/yhCKwNBPFkYH9+Q |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\FDO8HMeSGmQJ.mp3 | 85.77 KB |
MD5:
bdfdb90607b74894a6251b5782a795a6
SHA1: 125c4a5576ed9b489b6b4ddbb91dbbfb84fdd9dd SHA256: d2b45d74d3bdc930faeaae60d42e69fef9b574cf0047189ebb54a7ea032500f0 SSDeep: 1536:zRSmhFrM7U5Wcbr4i9vxDfme/XLKM74cc3PijpR9SP1aulkpY+YkdTxfK:3hFrqUnX4+vxDekmM7BaEpRUlmY+zPK |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pVHPwtaaDNFAoC4M.wav | 45.31 KB |
MD5:
e610c36f55e7a17750140fbac7826ec3
SHA1: 4b01b4b43302bd18e750d9f33f159af9dab33b5a SHA256: e58f0db894a82676c7dac1ece0084a5521249fe14470f8b03148f7d7c4fff18a SSDeep: 768:Ue8SjhMIGEu4pefdDUv3sRzgFxBB+JCBz+xA057ZN5ftYlxpNfV18tk58zj+DK:3dMHEXIf1UURkBB+4c51rftapNd0hzCW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk | 2.36 KB |
MD5:
47a2770655d7da175dedc780e695a594
SHA1: 3fc53b20e47654a52188845cd71b27f5e8477ed6 SHA256: f26e5d1e4f926c6a5ef9468b3aa1986d727a9647c13ee2a2971ed3abba2707b4 SSDeep: 48:JxZLzsaag3tq4mo7QmroLEs9CMscHw5UWxQ1CL5INa:bpTbdX06oQs9CM3MUMF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | 526.97 KB |
MD5:
6be7d6edf9fa6de15d7bbf34a4c66c43
SHA1: 4f656adf275c33cea354a8310c4c1453ede9e92f SHA256: 2a199fd1a813dda987c63f337e9ead3f3f515d8af41d6a66806fc7c2cdde159d SSDeep: 12288:99uysOggvu9FgA42GG5H5QTnNNC1EjmI8UAYTax:nuvL9O1jGt5aNNCg8ULax |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | 3.94 KB |
MD5:
42af2c0bac980acf05a2afa90b6a6723
SHA1: 9cb40013b0dd993f7975128246207b0d3942007b SHA256: 0a9c17f5a7962e39fd6c857e64b034c5e1b7919eadc9798a8883f11853e85ef2 SSDeep: 96:sGyYnZpArCifXfsS39i/U2Pb2AQ/7hmGEQQSwWUd:sImrh/ES39isEYDIYwWUd |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp | 0.36 KB |
MD5:
315272fe5f871d99fae349985f729699
SHA1: bf86da1bb8a6a999b3a1ef1fe9b16d9a40619596 SHA256: 629716502f0a8bfd4a49b223af469a6bb994453cd463529a8aaf76613848d9aa SSDeep: 6:VJN7cMdL0rVL6KnrbqmjrLxXn87tcp1Hzv3y152DFoA2rehDJsKNKsLtspmTK3iF:bOXX3LxXnDvC152DWn6FJr3Sv3ioS |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll | 77.19 KB |
MD5:
4bf0397e63d9c8bc7cad7ca33cf66d4c
SHA1: 94021314acf80968faf8bb1b0f73d3a990ad2d73 SHA256: 497c7dde0e2db352c2158db69b1ac054aaa78b99daaa91b85340636ece44d086 SSDeep: 1536:fODmsM/5TXg/h5HBAD+LWQ3TgrPEH8TP1GG3v+SAEMoeFtfvKPDKuEbVIqv:Yp65TXg/LHCqLh3TgrPEH8xGGf+jzo4F |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | 0.62 KB |
MD5:
0904ac42a303a85726c1dbadaa15865d
SHA1: 8b0f8f7fe6bc944ac3590df07084399594751628 SHA256: ef88bc476319ef9d586d35e3e11ee17ca127007c0b7fd337ca8c7c89b7c41c35 SSDeep: 12:+Ky4ZVc6ubvAlePuAsArmEp94FWCFNFVds/1D0kERC0tCi9cBuJDjv:FVc6WvAleGxASEpaUONF/s9lD0V9tjv |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp | 2.62 KB |
MD5:
e60c751861516ad81d8b46597ec9a001
SHA1: 9618deea1dbbfa808490ace918e655fe08780e4b SHA256: 6d7b35c69665ef1c250e0347d87dcc5a775784b0b94cfc36e2ee9911cefb41d0 SSDeep: 48:zQ6cythqYulQcLRR+RDcTqC/A+ewYAv+l8bQbR7FMTxiSwJw:BxtsYuh2Xc+uqBuxiSd |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\don.bmp | 4.04 MB |
MD5:
359da2872f7a75d2c21281534042891e
SHA1: 07572189b5b55e91aea323bc84fae9812e3264eb SHA256: e83c424ed3f4fa942c776140b0667f43930b93047d609dd20515ddd80d781be1 SSDeep: 12288:T/hx5qOTiSdQRR4DfDZHLtm4Y9IYrhLUXoeL:T/cOfDfltmxf1LcoeL |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | 866.00 KB |
MD5:
28ee974dd96829366ab78d82fde7df39
SHA1: d215505d609a5d909a224b11621f52dca05f04f6 SHA256: de5e0e5b6c783a63471b3c084e20c21ce49802731eb2635f780d98dd9f6f7700 SSDeep: 24576:nDgwEYGxuatZzsWRWZ/erJFbNQ2bFpiL5JOyLflmcR:DOoW4sQaF0L3OA7 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Jj961q86p5_E.mp3 | 1.70 KB |
MD5:
22c4cb6781c2b07f817dfb3859be2caa
SHA1: f3e716166efed02c90e0f27a7fec8066450e2907 SHA256: 0188cd1e47f0a7b0565232c665088b027c2f191f96bde4bb6981609afb3724f8 SSDeep: 48:jv6MhZsGTRfUy5YAd35YBA0EYqWM9dcmuUsbutBFHC:jv6MhisRsy5YO35YBAY5M9mr7iBc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | 336.59 KB |
MD5:
6fd94afe9e2bb4a89dc02c1cabf0a6b2
SHA1: 9d44a5613bd5341218a4e8ac2cbf58f3cc3920a5 SHA256: c53df58351314cea98d9a0a0b992f035372782ac4b2cc1e474c7bd3fa8fa5758 SSDeep: 6144:aoxL0WzLWguLcvI3Yu2XXNRzAw/Z4E4ImssYxYD3AOe7wrZRqaYLQHWmyQ7Rdvdi:aoxLtLWguLcvI3Yu2XXNRzAw/Z4E4Imy |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | 524.03 KB |
MD5:
a2d647c693f7ae4286b6b84422fdd676
SHA1: 22b18d9dd7a96044e3a1c93844336e7f4349bff2 SHA256: 77ff8037d369a7665a90c3a3da5508bb68c13e5e1caff920f773317dba39c32b SSDeep: 12288:GkkhUpb7LREwUCn7r31yrNgUg1535yc5P21QsY/zYxXeRGRqR9:G0V/REpY/31yrNgNTRP21Qr/ztI8R9 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig | 2.88 KB |
MD5:
5d2061e0709b79864a1f76b6299b185b
SHA1: 922f9efbc4e32176c95656180906f954fe889186 SHA256: ab26841e1f64ed763a14bf250fefed05624016f7a95d1de41f5daf128f77876f SSDeep: 48:3Lt8CLlK5JlZhQ07QfTUgWPMKzRHScvuH69SVkIHx6mwfT3WOn0jAaldb9O:3Lt45JlZamQfYgWUmMcvuawnHxTO3R0Y |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps | 42.27 KB |
MD5:
54c361ff6c5e7a4bdf0e9deb8b15fc96
SHA1: ee4452097cee0947c75321528b3cc7f87790a279 SHA256: 3fd98018cc5f0bfcd17d24ef8c9531ffee271efca121f4c862f1bddc27a80a95 SSDeep: 768:rg/3VBnxTNQgzrHv3Cg1LV+58HPuE6YNvCmpX7L2bJcLpIm/CVnDrVH6ax7a1:SPnvp/9LV+5k2gxObCLa953Vaax7a1 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | 84.09 KB |
MD5:
89281f309b385e583b501d4761ae98ec
SHA1: 87dce39c7cbad02e5de8bff66da1c25b893c5b2f SHA256: aa2913fc926a79d1dc6d90c2ee87423a7e99a0590dcf4abc7967b03c741019a8 SSDeep: 1536:lj0nmCAyg6W1wr/50N31TIMyHZtXUohOLzCKSFgXQVDfYJhLrQRMh:lInmHyg/W0THCgzRuLy3QRMh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk | 2.41 KB |
MD5:
a4432ab0bd8cccff53176feed9e12321
SHA1: c38092421c790b90234200255407349dd1b9aa3d SHA256: 1c1f7253ac8f24feda85e0db267588efd9e7b9f7e4ddc61f99962bc24f866160 SSDeep: 48:nAEXy7agHi087R3G6n7d4uNNcUwwwwwwwVfE0ItG0X3wwwwwwwwwwwwwwwwwEHaq:nAvPi087lniuMUwwwwwww+H3wwwwwwwY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | 5.47 KB |
MD5:
f7d2cda0fadeac347e7c4f83d80a0c8d
SHA1: ec15ddcacff4d686e390778d46c517ff8e649921 SHA256: 8ceb1ce651d4a816cb28a687b7345322d4052c7870d4d324f45ca21769d1a4d3 SSDeep: 96:m6KipQwAG58TLKvdrngzeGtiOYwM+4fS01pTA9urovhLK9RGPGcWGKF1V:fzqwAG+TLSgzP7M+LsUurMOfcWGaL |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp | 0.45 KB |
MD5:
3cea9b4abe404854a08abf14d0fdbf92
SHA1: 5747db1ad0085def86182d52835ea5885aa0fdaa SHA256: 0ab13763d9c549b26d0c978e400da0eadbec99b0fe4fb4121cb36af5c26b57f0 SSDeep: 12:2ukRVPiiH+MPYNg6VQ3iZk/IEbCiPJ2XQb6:m79HfPYNg6VQyZqXxOG6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | 245.45 KB |
MD5:
b56ee981ac1bf40bcb60ee12a8a2ba2f
SHA1: 1c3400170600532c278a1a9c033f3ba2d7c418ed SHA256: 935d92ab02acadea094d93960a0571017fd318ebcb167c9f46d05a72b79fb102 SSDeep: 6144:YLJWgmHLRJZNyV8oZZblIv6a9eMi7Mrk03O4or9DQjbf5iU:yrmHLpNyOeZblI9S9DWbf/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk | 0.02 KB |
MD5:
7e9945279a47c5b4f83a6df5205de95f
SHA1: 575dbc60ddddfaa3ceca50d5520b5f336959c232 SHA256: a6ff62c9347710473c0ab67c156fbb25827893a3e77f24b396f009b89355ad5d SSDeep: 3:Tgu:TN |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | 557.53 KB |
MD5:
860f38a1e8e32a194e9b0444d97114b5
SHA1: 51a91afb06c8c35796d390a6c9a4404583f03c87 SHA256: 57fe7de0b95895e534f9ba7a303b58b204f61d245ede803e61f368dd5bcdd760 SSDeep: 12288:74WxK2Zd9++hWcX48CCkZ9cvpJF9Yr+Kk7xpsqT4dI:EWxlZd9FVt4ShXu6fxp5EdI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gW_ 0mkl9Fl_moi.png | 55.59 KB |
MD5:
be9507720cd19bbb875d3011fb51c580
SHA1: cb8ea4510eb9a140ddfe7d81861a14638fdb45af SHA256: be0373aa25bfbf492270ff478528d5d9544cdb19888949722772bca8696c5e61 SSDeep: 1536:/1WJE9gOXVOa9ZGVEl92Kj+oezFqrJSxqw:/JXj92KaoSSJun |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav | 2.36 KB |
MD5:
e93ab29f677e22df0db53979db16bc71
SHA1: 798359722151b9799cdf7c92c2849a3d90b4c815 SHA256: a0ec59de2a48fab167d506bf98868815e681a833d83faad88d9e7c36f697f125 SSDeep: 48:eF744IwOjBosePYeYu7s3z78N7oEDfediFnxowRo/:e5nIwIBSYeYu7s38FwdicF |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll | 752.50 KB |
MD5:
2db307acd7ef6fb1733405a6a4ff5d22
SHA1: a2fd5a1d4e586c8856516a2f0219479e24334b4d SHA256: 4906ddd5a0a2948a9e4108c5f57d23c79ecb1b4b5d6050116b943da2e5ba1d0d SSDeep: 12288:IJSxVb4iyG3AX2DfZNGBahs4uT3qL7Fz38TQ7L+Bjbbnioe8lDobbbGUp2MNky:IJMyG3Amfc4S27J388fQjX13l0bbbJ |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp | 0.38 KB |
MD5:
2bb04053c2d49ab09669eacfa5c5cb60
SHA1: bb34b2e138dc0ed306254728c6f7b2ae6e43bae7 SHA256: 4921c6fb96719a43f29fb69ac6ef5b253d6498f33571eb9cbe4941da0b60e89b SSDeep: 6:MK6WEc763P0vGQ/uPsxNgHax45H9ry+OLCj0FFQHwBDJj7y0WbOP3Jlnp:H6WR+0vG4uPXH9u+OJFFWwBFjaYvp |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | 44.00 KB |
MD5:
64ec9443df74839f22ae10d7dc415ad7
SHA1: 1409d1e843ba56b997b74de317621ca17768733f SHA256: 2e532225a964ad5484012429318a0137749d69bdf0ff19ab37ad1c632a87167a SSDeep: 768:WuIxEBSYrc4gdgEvCcMmZkjzgjWuxZM5ak+yYc4nZUmzG+GAL5:W5YQcECcOgjW0R32c7l5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | 593.88 KB |
MD5:
336156df121b5a08c91b169b0c03e108
SHA1: fa2920bf7e6a63a2d46d446d7009686d442034bc SHA256: 6bc83dee27ea422278e9455480e3959d98f62bd9841763bc57850f7eeef2821a SSDeep: 12288:vAPA8AgVtKbSRI0iah1OQGXXORKgJgoy7q2UwURWE0UlEz3589DQ0Wc2:v2tAzb6I0iah1OQGXXORK4gPxUwURWfd |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer | 0.42 KB |
MD5:
381f347323c862a508a5497e6d22e313
SHA1: 2e35246f1925b3c77fe22ec092cc40860fb3a999 SHA256: 2ec792c95c409fa1c83a30968c5e5fcd06d57ce85d0c07516dd1fb84797dbc3f SSDeep: 12:ScC6Zn+TIrC+NuwYqF/AkgZh3bu1vhP2xXM7OB:XCtQC+lWf324wOB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | 5.89 KB |
MD5:
3141123c3fcd561882d7a0c515cefbdb
SHA1: 958dca3c04a3a158f31f7b3d4aba0b33549c55c1 SHA256: 97d8677923b2a93d61ad7091210b7f96404334badec0c79762a3b1d00dd90562 SSDeep: 96:QD9jw51wt2BxWLhtpIBzwtXNke+aUKKl8uFHkMI+psXQvrOGQEXQNIY/ZO0auN:C+C2Bwh3tXH+AuNkMimrfQBNVRO/uN |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK | 0.94 KB |
MD5:
922d62ddd5d5febd9c9c819a275c0e77
SHA1: ad224cb8016da2c8dfecfcc817dde634144c1a84 SHA256: c3435d84e4bed647291f8f9751352a325187ddcd411d63a941ea37f04d803a23 SSDeep: 24:4UuyqkNcMZpYRzmwBLD+MQXZQaOLFIyx3ycirih:NVOYgKwBze9Tyxj |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll | 392.09 KB |
MD5:
bb72eb87eb29d473d49cd3ec6315d8a5
SHA1: 93cee6907e04d7058ea5dae1194b30314a60c673 SHA256: c9c319c1619448996ac0fcfe3c759398c666b25d7670eab815e10be8e383ae75 SSDeep: 6144:17I5ZPGz8s7iCs4ritq1Gx65HQ/lAyzVnJuwCxs8A/D/qid7aYRtIm6Zgu2I5SO:FI/PGz8UHC0NQ/9Hu1Ab/TdBqgu2O |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp | 0.44 KB |
MD5:
3276671ff09792112c15f2d8cdc4a57a
SHA1: e661c2648d17afc8123b5b46db50d151d09e2588 SHA256: 5f5b0a111e0490862e1d6702202fc27c10fdc7948bcb6a5fd91aaa5957ca0f2f SSDeep: 12:DTTtbHssIbZ4OxZvJM0Zj27DJ1CqfDou0Fjzc1Z5YLce:LNIFxZvJMI27zDou0FjzcX4D |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | 3.61 KB |
MD5:
f10eea38550c638b899478772b48fde5
SHA1: 5cf23a237cbaaa6fd5c430fea04907ca4947d07b SHA256: 89086ae4a23317bd0421607163f002d98c9ee5f87aeefdaae906a5ace52fc919 SSDeep: 96:lbwcgc3FugTsRgq6YJkEhWesqbPmhLQVDsTLuaGT2:lbwcgcVugvq1L4ePeLID9a |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll | 94.67 KB |
MD5:
7b6dfa24b6f1ee9fb240aa5d8e198086
SHA1: 2f5de864c5e3e059f95eb11f181e3e81e342ce5a SHA256: 7edb03a316530448f418b38006664d7cd39d79a2e021a7d197da9fc8b8315272 SSDeep: 768:tbWe+m3DdDtBtpc0eysBqUqrMa13PpvPRHctc0QRoSCEDtDfuYaYoaDvksnxnrNc:tbW6k0eyJJF6c1hx8gxjPKDsV3yOyWu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | 264.31 KB |
MD5:
90332f49dc87a092a7a28281366a2baa
SHA1: 58fdb5c2a20981a14fc447de3935c56b4d5808ae SHA256: 7d7797eb36e9ab92bc16ed6bb721408cc1ea3191004d655d982ce3ae0cf3e26a SSDeep: 3072:6yesuKq6cGu26A8t9vOyYqrEFRitYOKsRSEWelkn4bVwboNmISSY7nt1:hjIv2yYqrEriKOfzlknuiqmISN7v |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll | 1.52 MB |
MD5:
d8ab0dbf3475797e659bd7097a5c1a9a
SHA1: affc07f9880501bf5f11039a57a523c87464d8d9 SHA256: 4c296167b50b809f22fbf57f8608a9a6836233216777788f5f6a6c64e220753a SSDeep: 24576:rghEvOv1Ul3sfwR847jmoz4mvqMqh3v9/rv8F3BLlcvPdaZRvmEQqUOgx:rix+lcoRBW0d6Vi3B2t1EQN3x |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk | 0.36 KB |
MD5:
03be883131b47f349ec46a8bdbde1d5d
SHA1: b81964ccddff55eac4cdb61ccacb54a6ac3a1625 SHA256: 48fdcf26748e62fbe1aa377769f24d2b2495c476f361070c58ad1d7cf5908ced SSDeep: 6:44MJenEowdjIakbOIqc3Hca97hMUfc18cPMJOHNqwPraqJyMMbKHcyHvn:44hhSeqyfCULcEAHMBoyMBv |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp | 0.58 KB |
MD5:
f6cfd7ddb7be4ab6563219356a436044
SHA1: fa9688005df602798a441e3f5842d35a7cda476e SHA256: 8c8f100042868eece3b27ee82c17213f60c960947278d41043fdf29df7ed5124 SSDeep: 12:Ii6Hb5HjB/0AXiSYf72Zz1uN1qs3j0FxUAQJDhk2CU2dyv4++Zz:2jB/t4D2ZwlT0FxUpJ63P++Zz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | 2.52 KB |
MD5:
fa8a09ed06d2b4a23c462ba3a87f192d
SHA1: fb8899a64cede5d74c0c6485e1ac6df54c900391 SHA256: a8671583ad457eeabdaf5756e8e0639e001d5068da32e06b969dec7756a51a90 SSDeep: 24:W2tHlZteEJygshoZMg/3UJ1/Bt6WyC4BeCzqyMQZ7ows0T:PHlZteEkphoZf/3UHJt6WRaeryH7bHT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | 0.22 KB |
MD5:
9124442cbdf1cb34de5c6cf731e300d3
SHA1: 252b9cd115586e6e98e3ec88e87bc52694d96274 SHA256: 64c23a793c52a241da679502d72a6faf81b6ae44730fbb559861330232864f2d SSDeep: 6:clQyPC5suLNwQ15wMUjoGCcPyaAkvtbmt0cdV6n:UQcOL11OMUjoTuyL2pn |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp | 0.39 KB |
MD5:
fbea58d035ffe88ed43fd2146f7515a2
SHA1: 6fbfa10458242729f27559c0caf4e4c55eaa2ec1 SHA256: 846a6bd0ef91d6acb167a221e68e0aa0231002bd4fa8ebff753af2d198bec331 SSDeep: 12:cMHLg9+GPbIXK6soDY3/0rcNfOBHDgtBckJgam:RU/jcKC5chOBHDHN |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | 1.04 MB |
MD5:
1cfd27557fff43864497d24eabb9f0fc
SHA1: 85c01f5ddca568a035ea286399bf363055db938a SHA256: e2fb78bdecece02fbeddbe689118d4c600dabdb728473e144380009aaae67699 SSDeep: 12288:henHMqA+gWA/nH2hVscaqD13jOrUM6CHBcDjeIETxRsYUozxV2johfX76IcN3gqi:bqA+gP/HONeUMAjexFRik+o5GIU3PVw |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | 28.50 KB |
MD5:
8fb170f5cb4cf4bb5d53a156e83358a0
SHA1: 4a264c5d3e174f8ab29825d0caf8650c8c9d1447 SHA256: 51aca29087f6bc733b8cdf6179224595c9a82e2020b262fb5e26641be64d580c SSDeep: 384:GEFUaakQ9+9i/fa940q/EYW/UWV34LFjCwV35o5ETJDuJyOf8KaiQrtyVvv:6CQq940kEYMUc3IlC635qETJDu4+aTJs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iQKMvUzGPjtGBd0lRgyy.bmp | 8.58 KB |
MD5:
e2aa8ef4d4822795b88d1720203b29a4
SHA1: f6ccb7ee6ea1900cd9d745b2a135785ec9df69ff SHA256: b6b9187b6cefdf3a67719443ea2c787903957c376bfa282abb77ac9ee8c4e89b SSDeep: 192:bIWBoGikcWHWK/UzaRyVeA0nEV0E6ursMsmZ++6M39oXOqF:/oGikzHWKlRyYA0zursi+sKvF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | 8.98 KB |
MD5:
76c7079e4513a7d94082572b308a14e1
SHA1: fb20b111147c92774eed948081600d7e4c0db46d SHA256: f03a621e4fa4cd1cf878fd813b84a448e6b42380f41a4029205244f76da771ea SSDeep: 192:hD1GtgctsmYAlcqlpwbin8ayKYxrpTtJJzFlxPBfNQ2nHQHmT:TKgclY9qlpy/aLYxrNjFFrBfIQ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | 2.34 KB |
MD5:
fd6914bc3078edfa3587631f25913421
SHA1: f79277d8f696da057054d355f88e3ffb4a656635 SHA256: 504d58846029d67c17a6ddbb8e503e86a0982a934606ccaad1aa8458b6f4578d SSDeep: 48:hClrWjes4xx5GTTFqvGZ6Evq91AhXh5zDMU7XtnaVq+7Zx9ccdJYNAyPKd:hClrtsbTZqvGZRoAhXhdDMWXhaV/HdJL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt | 85.62 KB |
MD5:
5826aa0252acd5987903d1bc27485dc1
SHA1: 866e4f2ae053bc5b5e175c751b428ab6cabb5e4c SHA256: 3b2fc0a5d532b656cd3649ebf04cdb43a0360c08943fc895a3e8695ffeab91c6 SSDeep: 1536:Vlmst67jXaXE639PCWTPQQVC3wA1Y0W/pZ0lkbYdChlZ7tKel19SBXcGAE4rsv:VlmstW+U639PBLQRFO0W/Ug8CrhYe3g5 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | 212.52 KB |
MD5:
da6ad73953a64578b6c5e57dc920afbf
SHA1: 2b81c71a33d2a8b5189314027da6b82e2ab7835c SHA256: 9b6d5659cd555ff121cdf2464fe28a06ad13531f29b780c488ec1c68682ec0c0 SSDeep: 6144:vpQFdY/5nv7moPxGkuFQmkois1cXSec1GyO17IE2Vgp:yY/5nbMsoRSaUz |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll | 299.59 KB |
MD5:
b2dc928be4a5e23b13a307c7c7e071f5
SHA1: 3b2f00feed9ca7e2ff305576357495e55567ea5f SHA256: 5a2dd600f862244058be59eaefd2369cd2b43dc7d5f345062c08a274499315b8 SSDeep: 6144:jddqyQyIKt0VwN8m16clZO5oShbyLjmGPJJTTYBhvjPP5iDuFV0:jdA9ytCVw8m16ciiTTY3EDuFV0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | 544.97 KB |
MD5:
8e9ab411b1cbde4936603a1373e98f81
SHA1: 9fe2235a7c0eb79e9a257c39c8c1b528fd129cd1 SHA256: 1d92671ca8be4b22985c4b015f9ddcd143ea7cdb092c7f35c8095233416eafe4 SSDeep: 12288:D0iUUvIwLBFUBrgur/dPUKUYiAVpRhmnsFyJuPU3kaO1v:Qi5Iyr4TlMCzmnalt |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | 16.42 KB |
MD5:
badc9d5c33d01676d732bc4692d07ebb
SHA1: eedf72829d67553d18794fb5dfee38bbc1a0df01 SHA256: 31238152e5cbd797aed8908c5ea9f7fd35a30be62a4016a022a63292f10e6ceb SSDeep: 384:Bn+90jS4mdw/HqMViGVg7Ebji8vNQ6/OP5LbCRFKizG5jUw3q9o:B+QS4J/vPVpZ1wRF/5FL |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp | 0.34 KB |
MD5:
44ee5cf7217706299c092a07fd078904
SHA1: abe5378031f5fdffbec39496adead72e2d9149a8 SHA256: 2cf0765e493251c8b3ed5d3b92fb75f0a8d059d3f114c8de54209c548367ad62 SSDeep: 6:6bcZPQyM15H72ay2Y54voMA3KA7GHd/a6KXheKGfN9mqSJJZ9awqTOyFTz47cmIy:6bsM5HyI64zA6Gi9a6YpJX9lzATzkcmh |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll | 10.00 MB |
MD5:
388bca3fe2ed79f74098c516e5f03ab5
SHA1: 6298396e5cbedfb217abaa672d9541c7d49eae55 SHA256: cb0ae550e3eb155af554a33c750e3eb1e01d499a6e07ebb3d7eae3fbdd67d581 SSDeep: 196608:tw6Kt9giXHkK45RpmqKHHwTBD8ms0I17ZFfyOBwTRNVDiz44rDIkamqBwobpXdGG:tw6Kt9giXtw5Y/FfyOOMc4rLaxw6Vdr |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\G5MbiMZSXdsj9RRuy4.m4a | 66.03 KB |
MD5:
4748faf7034c25ecc856ae7047fe1a04
SHA1: edd13c2bf67b8d3c2accf006f27d05868306a7f3 SHA256: cadbbcbb0091e7ff7ea1fb4a5c1667cd3ec52da1a86843ff1f7992e53e1b43ba SSDeep: 1536:XTEA455STMqTk16bljpKSCNhNni7p5d7d/EWG:XjWwgabljQSCnpi1D7S |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | 3.53 MB |
MD5:
003ea3fd9bdf803432b4cdcd24fc7626
SHA1: b7d1579d2089f3f8ba3a16edc0dcc20a2a4608df SHA256: dc3d42307698acd91a5be97aef9f3879d353ffb5cde2250d8af8dd6a91e33119 SSDeep: 98304:VOdMIxbMHDDWafFoEW5/VMGDtQ3Zgnqk4ALLB:VOdMwqDWwWJVMGDtQJgnL4AXB |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | 84.67 KB |
MD5:
eeccb74f827140fb005ba1c479af1755
SHA1: 16ffc6d043c72958c6ae8bfa2ae4a9168ef240ab SHA256: 6db57d2b4a394c139416b3324811c7b6460e5225f7e22fef3c4ca86d45a9f52e SSDeep: 1536:bryaLGfRPRhYuQ55f7wg1h326rFhtNVW4eEasjx6xA1t+MH:brJLGfRZhYzDfUi3Rb384KGx |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp | 0.41 KB |
MD5:
04384d3d1ea8bd30a215b5e0afb30a21
SHA1: 9690a7eab9240a56ad4b76287ce9f5e89831a89e SHA256: 0055e74f14f5ecfcca25224953b5b400ed12764cee639f51bd1dbc17ed5bd4c9 SSDeep: 12:DTT88TIhV6FLRpoTGVGTqMglPAArTYQi7GA:L8FVo9poimOl4Ar0Qi6A |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | 4.78 KB |
MD5:
e517565cc3ea73a4abbbbf7503455607
SHA1: 22de6d80501924bb7cfcf50c5f08036906fe43e4 SHA256: 3916a7e8256cf38411f293ca485c36cb70e79786a823b2bfecdabbbe76a9e550 SSDeep: 96:bxzNhbu6uxSPSmnKOiZlKJxdWebNB+0zTbIlXyl2UTg1jkONsBwtu4X:Ne6uxSPHKtlcxdWepRbIlilo4OGCk4X |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | 371.11 KB |
MD5:
0cbf7ce4b5ca876e1098aa59324c4dd2
SHA1: eecd4b1caa964f6a2c64a10b5b5242cd7cbbce74 SHA256: cf4bbe77d561ebba41ced9597174dcce0c62ad8b0f75d4d2a5f348ddeef7fcf1 SSDeep: 6144:JxrPXl7KcIuGjDx0nt2/oY6W9Kf9HqCrBvssE1Xd5:JtXlx0Wt2wY/I9KCrBUl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\fXiuXdEX.mp4 | 6.41 KB |
MD5:
1b2fcec576d5099f45503728f61c9898
SHA1: f26b7132cf34612ef1e93f40286285e575cedbf4 SHA256: ddeeb8b473f7df330733e5a3b1b38873ac6427bb90012deb2ff70f918cec8dc4 SSDeep: 192:QMXDaJibQRl2bLili0D/LaC1fkuy+LQhXq:QS6GQ3faS6+LQhXq |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll | 860.67 KB |
MD5:
a3b0055c368999fb0f182ad308e9b9d2
SHA1: d4881217fdd4436de4aef558153dda9a6b3ddfc9 SHA256: 278704b7e66ff8cac6821d65af2cf4feb37e0b9e1bd6dee6565c0e1ef7ebcaaa SSDeep: 24576:w2SRw6yNLAqQ3lQ2X7T8Z2AmPgKUeCjSRYs5N:YR7UszhXcwCj7s5N |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | 1.40 MB |
MD5:
9d67ea9f34260016e23d4c20845f1f49
SHA1: dec45e0ca366b04d6bcb3e41e6de0ac0a2e5bde7 SHA256: 1a8f1eb9f395191da53dad10cd534d0c03ce1c3200495482d972072883c3b0b7 SSDeep: 24576:RxcPNa0dnq6MJHF1zsqvD6OatW5YCrx9o7WD0V7Iozc9hLYsa9ZnG:RxcPAcqNjKeIwRrxKKCvzcks4G |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | 245.56 KB |
MD5:
d0f05992845c2aca2fde9c32687a37ea
SHA1: f8ce36fd04cfa143a6602e52d864e995b85d871a SHA256: b59493d0f88fbb5542581f39e9a5309dfe6047e22d5d4299bf73130a095b4be0 SSDeep: 6144:MK53KymHBoAa0AzVY9Z871eNvtWV9A5953jk6HH+4Vg0K:MK53KymHBoAa0AzVY9Z871eNvtz5D/ng |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | 281.50 KB |
MD5:
f288a9959a20bb535f2bc638622a2679
SHA1: 4a490e2301dbe4977d973a88c1098a8d3defc1bc SHA256: c4f4a6d18f5afaff03186dde9be1c4467b360de1b3a3518cb41af08ebb1eb24b SSDeep: 6144:vYJBHc4H3c8o3z0ccx+pOOCRZ7vDiAHcoVEBKb7wL5kmWG42owRAv1:vkHyjz0Lx+pO7RZDDim9yEwWeRA1 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll | 128.00 KB |
MD5:
aaa1c74f96d333215b5cd5ce01587957
SHA1: b5c0f1fa6b61689fafde6113a401358dfc54ef18 SHA256: 3c400917da09ed72eca855db2c308d379a2954b9a8b2fc3e779891107d8da8dd SSDeep: 3072:N1dCEwx5rCdeILFD3Z/GIOFWQ6XBHsyUEAg4eS+oQ7mQGKj2zPK:NOv5rrksWBHsNEAgUnQ7mQGMWPK |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | 953.14 KB |
MD5:
5496e7623617ae061f97652779449902
SHA1: e4e8c7881104fdd292a66b549c34dce09d60b505 SHA256: 609bd75c0b74b4e9b181a8c73f4e6a27e722ec1934d2cac66ede66f3b99c316f SSDeep: 24576:LeDmmmH85qum1kJlCrqslfV1+Beh1Ym52AN5m8po1IuL1MPq1dmIgLdSB:6Hqb1gCrqsltQBehu2zkIukodmjgB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | 2.25 MB |
MD5:
99e93f3d7c383d4c912570161e60a81f
SHA1: 8e83f1dca4fce756e4aa1aea77edcb09ef3a9286 SHA256: 31934eb471eff00411176507d59f118da22bb427a912015fa0967536cebfdd26 SSDeep: 49152:Hy12fmPMZM/hBJ7aid0yRdeEhTbX5DSRCVTLqZcuyDH3M7WlBSRQoRjpaCihKf:LBZM/hGid0In55bDXiSSRTRuU |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp | 0.56 KB |
MD5:
014f151f5fc0a95cc3e922be4963b28c
SHA1: 5d61c7f00bc85929422a6f76958cc4c2b6257f34 SHA256: 8709c2cd84ce36621a3c0855ebcec84affaa4cba8148df7cb5c1148caf1a0039 SSDeep: 12:P0DnVzoKW7tcK57cvCuF6duPb5HFqgeMfpcxtrpNtzthnfEYPI:AM7tYvlqVRx9pzzjfEYg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Project 2016.lnk | 2.12 KB |
MD5:
c94d5456cec9d22b53d192a13644ca7f
SHA1: 55381f46f92fb97cee41a47769641c9deaa82a7d SHA256: 3699b9d9fd026f0c94d7ed79aa55a76f2ea2abf21d22b1faa98d16af3b1571b7 SSDeep: 48:UDDD4R99u6YrY0I1XQkKxqYT0YO/yhyKnlIWpz3Yn5SWdv4:UfERHu6YrqQkKx1O65lIfh4 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini | 1.69 KB |
MD5:
aaa3212cfc8876b869af0a424278326a
SHA1: 43f0cb99cb923f8d7808565f0e17ba4e6b037c8b SHA256: 065dc6dc3b035380d1fbbcc5c72893af706e3b9d21e7ad532fc2826ed91e93a2 SSDeep: 48:U4MOOPlRewSgqKHXSyIwoUvjaRkUSRKzvICJL4:sewTlB/oUa5SRKjIOL4 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | 457.23 KB |
MD5:
7d4cff099ecd0bfbe05d3beb7e04ab13
SHA1: ca20ae86a00230783b58231c3f82fba1bb470b8a SHA256: 2fa7381d5d62971242806ff314ed0f938d4da43559de528b03dc6d4b0ac32cc7 SSDeep: 12288:pyms6JEWU+j8JC7kJPC0Ek1fBKmgcASQVYl49acsmaOMOekft5DI2dD4xEC/QTvt:pyno6C7kJPC0Ek1fBKmgYQVYl4EXmaOB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | 0.17 KB |
MD5:
f757884478b705aa8832e547cb052951
SHA1: 13461a6b785ac64fe725339ff7c4721ba90637e2 SHA256: 8477236e23e880ef4fea7e104320614057252d7aa62990407a2081c5c1bbe91d SSDeep: 3:jyvYHmALbJ1iHOhhNOQadXvPlaHp5e6+Nqu1hgApGkcewXhcM5wGcdF9tJ2Sl:j2YXLg4bOQapdG5+wKxtJ2Sl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | 11.12 KB |
MD5:
e3cd6cbafac3629795b4f7d891176d52
SHA1: d5ebb5535c42b0a12bee68255526df1f30dac6bb SHA256: d219f23b0419945a511c2bbeb1732bfaebc02c1d3296c37e473f4e98afa66eea SSDeep: 192:Owm6NwGmNPzU/HLYL511BrRRbE/B47+1DXa9+dOmAXvHn81uSfFEn:OwTw/7qYP1pR8LDc+4man8Zqn |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll | 315.61 KB |
MD5:
65aa01fa9654916252196ed62d4a315d
SHA1: 5f5f0ccd8d98cbb5544e9716d7c430eeafff0e14 SHA256: 9b26b4c6561f12bff17cc07c6cde6eb964751ffd09e253c65a8988bd4c3af77e SSDeep: 6144:rOr26kS7yL9N9vJdGKSWjOoRjGJCYWCwYTe4D2INzSmGKgjD7:EF8rMW35GJCYVdfrNzIKED7 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk | 1.22 KB |
MD5:
59b4885f9c9828747c6274131aeed190
SHA1: 7ff8d6bc2bd9e6de7038e52cc738f8ac97432b4f SHA256: 522d056bb487cfaef01cb6c93a37a4a15f810c04d5e363eefa1ae7d38cbbfb78 SSDeep: 24:7bo4LORKQlTjnqwIjKY0d4SuPvoM4Ma+XxaSNgk+8SBPu4438J1qRQRa:Htm9ruxo4rX8j+Xxa2NgVoxKo |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | 892.86 KB |
MD5:
6672e6e1f7b80c8765889a9ebd6ea67e
SHA1: 0e0f1512c92f4c8774b23f5c70bf55ed13ab9f5e SHA256: b47d04da46e27826824624d0850aa867a3246b727c0f793399e4e2575e4c5b35 SSDeep: 24576:8ralhhjajnT3iPq9HxuJAU7pjPjQ8Q6eDM2:llhhWfxyJbQ6e1 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak | 0.02 KB |
MD5:
6e52ffe9f6a68dd720aab4db0c4b20d2
SHA1: a25c8c024b3b2a62c73855f137ae0260ca65de13 SHA256: 84a2a7432e7271969d958b8961d9e988e1726fa10ef98cff7c6c4e90ed0e5bce SSDeep: 3:JfMan:Jj |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll | 754.14 KB |
MD5:
6c88f2082ff0517834cd0feb64610f4d
SHA1: 1547bb3513adb4aae4195c1c45d2e6b5997f04cf SHA256: 3cb9ccc6ae323a39e9bb0d7c43a9a986d6a56dcb7f57b1ec2ce9e64f1796f243 SSDeep: 12288:PDr11NSOdW5G0yqtDsuJ/VHBsFmdigyqNI8EVXW0aAqIXcDpLnH9Yqru6In:311NSOduLsFwigyKlE3aAO9jH9/An |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll | 574.17 KB |
MD5:
d84fef1cf65207fc53c33e0f7eb81ad2
SHA1: feaa8009d75aa2dc0fa021ade89eadd75e91ed43 SHA256: 95143d31fdb0f324b837eaeb14e4cee20e7f767c969e14a813dbc916f4631913 SSDeep: 12288:q1kKeCl70XPDgld9Tfc6S/yvje1U22GeL757OxZancnEjJW0NPxePi:q1kC7qPDmTfzqa2LeZOx4RNP0q |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | 1.21 MB |
MD5:
45d1930d1dced2bbe028c0353bcc09dd
SHA1: 1f2f7852dca41aec677a03a6c3a7960b4ff0f320 SHA256: 7963a979520a4df9385fc81f232dd662467946ad207da90a24dc61130f300373 SSDeep: 24576:kp4a9Ss1TqS2THjJ3HD+oln5mmVZ2R8HVTmFmZ7SUmgoPJq7AlHkvkHyfj6/rkx5:kp4apQpTdUwcU2PJq7AlHkvkfrA |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll | 1.41 MB |
MD5:
c8bf156efeda42257651e85972817203
SHA1: acce5b8bcee66ce38218ed99102e650d20d1f931 SHA256: 375f189b932cb09df8d3b01df21ac79d06a98308b7257166da9f3b811b83b57e SSDeep: 24576:oK9iTx7exw3hyMwDs0xIPk7f7Xof9xKQ5o68VwNKnoST+YNlVetH:t9661IMzGJ54hpI |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | 16.25 KB |
MD5:
d7c2beeff69097a439494a278976212e
SHA1: 9c88171e86f94b48538c6147243cafdb863cf5b5 SHA256: 7661b2cd3dc18c1e4a0ef75b0e9a690601f9ea9450ecbab15883c1d9102e5e65 SSDeep: 384:iVG/UGJHGcr59F+8Ejhs1To0fFLTXmWhC7QPuCgo9loy:iVkUa59FHEjhsm0ftD1Xoy |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll | 429.00 KB |
MD5:
650f6c02209a11407e6ea9903eb45838
SHA1: 1c4bd3cd4ce08d5720168a7a84d084f1c717d1c1 SHA256: 2b46888c1335ae0008afb91ffefadea636c9b753c0147b3d500678d3c1b02014 SSDeep: 12288:d5x2EAyvm+RSoUOO8idyvzd8ZRlVs9g0Smi1IgKCsEViu3:bxVbmqXkbdSzd8Zag0SWgfiu3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | 720.78 KB |
MD5:
452159bb04744bf80954c1ab1c3ae9fd
SHA1: 6e67f8e08cfd4aaeffa07bbe42f94bd4db071606 SHA256: a5dbf205a879fda878c34293b9ba0ded0d1820e2e35538cd2b834a0f5adb5722 SSDeep: 12288:LRhZESUkalvrikWjTD22QUATVM92zY/6BhckbnXDyj4XFqrC2DZwL:LRhIN2fjTC2QrLjPnTyj4XFqrC2DZwL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav | 42.23 KB |
MD5:
2af6373ed6d68dbe31ce05116e7146e2
SHA1: 15c9410fbed006739e2b2d87378813b2c3ed90eb SHA256: df9f00b4df92e0608310d359ee8690ea6591f6277effa3a264852fd40847cca9 SSDeep: 768:VChygAf9ucE8o7TedPs0dWzobtPxbdOHAZIVTUEaqB1HGvQJNpVgtMX+:shFAFlEF8E6YetPdgHxrjBRGajGtm+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk | 1.25 KB |
MD5:
d797924da662b06d8903193ec8cab61a
SHA1: cba575adf1676b16a3a464d1be5a4953520e1660 SHA256: 22b6166466da9c537cbb41478d14c5e4af93aa473ab606d363529cab57782ac6 SSDeep: 24:9DZJOXQuCfwp7J8cPp1+h3+n26goMtM6XuN4QkSpp1IsThUV88:ZTTu/7J8cPpshcot3XuGBU1IyMj |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | 759.42 KB |
MD5:
38170b30497b09c9a46a61d9117b378d
SHA1: 7f07d3c10d19c3e3221613374d6d77481faf40fe SHA256: 638f8986e58c9ae1b94db2dbad41589a166b76b701a81f80e1d75d5aca169200 SSDeep: 12288:LoTa/OTJHmmjrnnRQgeZIK6ljtAGLlkVmYAiZvAAuZC/Fb/cB+sTag6KlMkIWHw5:M+MmlZADktuBJug6KlmK2SGDDiDrPX2 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp | 0.69 KB |
MD5:
7095d8e7b00dd0f5d10f6ca589576cad
SHA1: 3c724f03267d1fc9b7eda5ab659de55298a39a3a SHA256: 5c2dabf35d1d6ea4c116252bd87aec0967e0118e4eb365259dae17622e908ab0 SSDeep: 12:yYvyI9ZtaVQlQPSRPSsOt9Qh5HFCEIedoAQkYET3VeDeR2ZCA6JVrZg/fhZHMi+T:yYPTtiQlQWPSs/nlNIgoAQhOFgevAC+Q |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der | 1.08 KB |
MD5:
3cadaa959ad510481fad91392046544f
SHA1: 09ce7bcc9cec210a5205e16385e56c5b95cb4a72 SHA256: cf5cd7f1309938106e640df470bf3ba9c948348928d85865f8594d3ba79f10e7 SSDeep: 24:2ccCoIMUvkIeYnjLMEShM0m1+xeZZ92t0IIEWhAJ9:WZkkIzjQESS0I+/tUEWW/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi | 59.72 KB |
MD5:
7b718d45d5f90a8bfdc54048cde25a6b
SHA1: ace7cf191ebe7f1e4032dd31f48ba4b3d805fd7b SHA256: 1df9f91b8a00d2ddcf6b28b9e73349514d0753abaa71b4af8f852aded2469c0a SSDeep: 1536:nSYVFSR+bdEGYYh7SDNDB5FCTq91RobdH6ygxmJH3Pqn:nSYVIIndiRbvobdH5DU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kPvJOo_e0v2YY.bmp | 72.81 KB |
MD5:
7ede9de4512214abf6333f9c0d40d858
SHA1: d3dca04e3861803596d9bed25d0ef31f7b78b06b SHA256: 99fe1dcc19c00678f6cb12081178b6df19ffe334768f42510face742ec65dea5 SSDeep: 1536:yBv5Wz3FpxTZoPwaiWwOAFrMPO3vgGNFe3ttB7AeegmsRj7TYbW:yBv54p7ooaihOAxCOLFeNzegnRkbW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Database1.LNK | 1.09 KB |
MD5:
8ad0777557144b9085b66b04441bb5db
SHA1: cdd387834c3fead2fc4459631410463afaba8d6c SHA256: 54840e71747c3b83a4bf4434fbbc34ace1f0d9bc9ef197283f8cf78f5b4d56dc SSDeep: 24:rbQdVXzLVbAvC2uSzNIZ9CnP/HMy870stinNmK5WL:oH5b32u9CnXMn70SRg8 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif | 12.27 KB |
MD5:
e35d53a4a73bfeb1d7d1c76187c1f778
SHA1: 4f313d4e6b263f8c5f6278dad56b70c3e6005f77 SHA256: 2c119c6c33c4bf3273bf1823b3a049174effa9b8e33d157d2e31c49af5a33f7c SSDeep: 384:Juxh2YGiAQu6ny3DrM4dfXquAG2p45qkyAe:AlEHdfPAG2plR |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll | 265.69 KB |
MD5:
746499bbb7d0edeed9243072fc2f7d22
SHA1: d85a29dadbb0f1ff4d69edbe552f3052e3e419b9 SHA256: a7b4c232176ef2e167c4eee9d6f80b50cdbe8823efdaee6c6fcabae347ec0fff SSDeep: 6144:Y6yeYMkO8AdML0qwD0G5IblSbjDxk4nKB2T+H757WywQca:Y6ye3kO8ASL0q40G6wHDxr82T+b5Cq5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | 107.38 KB |
MD5:
7d874127ff9bb81f8eb51fbafa618d60
SHA1: a0216718191c6de931fc83596c33bb1a613f1ac9 SHA256: 4e1b5a261d841b4478ae6e62808f99aaaba663f281261c6395b39a429c3904fb SSDeep: 3072:P9tyW0HvrwNxDB6BUZ+Qr4etNRP7mEsDC3i:QTixhlRPyrW3i |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp | 0.38 KB |
MD5:
a176b027bea246597e516501568a7ea5
SHA1: 61e8e316d1fa7f37481b96fc0b5c3809eb44829a SHA256: e647aae921cf2a422317170376e5fa2abe5292b78a89c7ba037e00f252d947d5 SSDeep: 6:wpknpX8UAbDYrE0P2Oa91yaKBpYOGVfnQYnvpjhc7gJENW5H4/Ry+vjHChag7L4w:wpknpX8FbDYrvOf1yaKBi/fnppQvWwyf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZMyqqk.avi | 60.94 KB |
MD5:
02836bac6d8b21065e3a98beafaa74b7
SHA1: 75d513ee43d5baee298e7a6e932f29de5e87fcb5 SHA256: 8c172b13ebe9f9c72930cb1d00c1e570afb167daa892c7e6f1e2cec37c3183bf SSDeep: 1536:fX8smcNrlUcnmN2tt92w+xO36D51658HXseoCaSChe6WQ4bOK:PJlmOcxGr58HXse9XIPK |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak | 0.02 KB |
MD5:
68ca1476d52156976df5de9adbd84991
SHA1: 15c23bcac1e20667eb09fe22fb61918719d1c71a SHA256: ccd5d6972666202b16b28064da79730fd5cf15a413f0589e9656110a9a653e96 SSDeep: 3:Qlicn:Qdn |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | 548.95 KB |
MD5:
8f05b82944a8cdf41ae7d0a18d88086e
SHA1: 50e96c01974e88d2cabb01aba5d13ee1277c1052 SHA256: b31d1f8027dadea1670c528b694eeae9cb3cb53d32d2b355be2dc0bd5d23ba8e SSDeep: 12288:11pO1w6CvH3CmnTnheo1eDMRYuGBXs50lOWKGwCHE6wqipjm8:F6CvSmnDPeLuAKCjRE9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | 1.57 MB |
MD5:
d7ea62c4720aad994a32a55e973bb568
SHA1: 311665af31b0464d705b7830276e96b40364cede SHA256: e0a1a514cfa9eb4813d39329183ef55ac52f20bcce1941524219d2cc52a01aca SSDeep: 24576:VPMpYTwfAKFiwi1xGoTxaVXIAl51r/z+1fDaCa+l/6hATxaLDVcYn1iTVcYc:ZMpWwnmgoTYaAh8fg2TYLRcLBc3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | 2.79 MB |
MD5:
f33c6e53fd540a99b14c06db5203e4c5
SHA1: 50213abb9f50cb048a29cd2db066f1237d371b93 SHA256: f8d44be43b20a95b3876db26becca362e3ba76dc9548dee23d32b15ceeb03c3f SSDeep: 49152:61Dgoc4v3eCE5mKuzRvD6tY3BHaki0DvSbJ4E4cOQNLPEDgSlVuv0vgI8AYylkNF:WgF4v3bE5mKudvSKHVFDvsp9EDfPQ0vw |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll | 316.50 KB |
MD5:
8e87f7b0d0595129e658214090197419
SHA1: 9bfd676bce3c6fbf1ca62488a61284d15563aeed SHA256: 90b63dba61579a008feda847242afea4f6341b8157f6192132fa57188f4f7bf9 SSDeep: 6144:JKJXXGr17m+RSPd5Bym/YWAYzFsgh0pr9LkCFe0BniG+UjZ0u0:fzUd5BtFsghwVBFect0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | 0.42 KB |
MD5:
17409355f246f72652f6df8930b41438
SHA1: 6f507f53a6b30236fc14b9c9b17cbb7ccb9215e8 SHA256: 5a09a523d3f6183bef6fa9dbc7269b42259df446ec321b0885d652e6d6796f42 SSDeep: 12:wPk7i/wBzd6qNFYQ9IQan+F1gCC6hgsUfdutZ:wPUBBzr91vFwsUfstZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | 250.36 KB |
MD5:
51ff6ee0cecda819cd947cbd0ab892f5
SHA1: aaad85a05828139ab5385b7e3b4977955ad5d76b SHA256: d8fffcb20d4c1d4ccfb6042f960e97068bcbc06996bb4a6454ad42f35e135b8e SSDeep: 6144:PFrfQx3GdXM/B20u7BOJjcsaq9rnnSQ+FRAVM+V+3m0u9KFZNDwdwaeUhsTDcc2p:PFDQx3GFM/B20u7BOJjcsaq9rnnSQ+FC |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | 212.52 KB |
MD5:
00b755b7ae8e761d3482e6838fde82cd
SHA1: a0e7b546b88ce7f923b2f0a3904b19c220a22e56 SHA256: 3bc6f9dc79503b3a34a834b92751e3efb5f58ef80ba07256822083604690dac1 SSDeep: 6144:3KhN+A9OzMwGGCTl1OQvIIlciUI6Vz5U7961KUZlHov:6hsA9OzszrRfUI61AsIv |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | 18.42 KB |
MD5:
aa1cbd87d2381e37ac1b8a758d5574db
SHA1: 6be236e3c4ee07f4cef74e6dfc3ce28fc488db32 SHA256: e411a3ee526612b6ef6d6a005a8ae3c8406cdaf63565e47914f3681918708853 SSDeep: 384:dsF3W1Z5SQHzydJikrFb1Jd0OGni00VsW8KW1BT:dsF3wrSQHWdQCPm0eBF1BT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk | 2.31 KB |
MD5:
c767ea027ab3de8d9c146a0ae397069a
SHA1: 1e9163a88c2227d50943821a8a73847c6be788a1 SHA256: f25ea53e21149f50fb4bab8a9b424e7205555a451282496ef733c99676037485 SSDeep: 48:CShGKPQgW7Py/zjbvQYkhlUmLblgib3yOVyzkm7KLKLMuez0:rhRSKjjUUcNezMLKLMC |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | 2.12 MB |
MD5:
e09fc0562b29dcff1afcadc0b7acd027
SHA1: a7fdc996799ffe32f91fb3482c9be71cac792bb7 SHA256: 270101b6f660f95c6eb712ec1159deb0ef1049a7a5a7fa649a54296ac7a67760 SSDeep: 49152:whUSZrBXpeMVwNNOKLZpFrIgh5bxRN16NuCO:wP7XVwlvMgNRGU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | 3.44 MB |
MD5:
54e03dd53d441556e4e3e82cd300e73f
SHA1: 077f472a274f018dac7767c949c3d25910271385 SHA256: e2fcb8abad0976be36c50851c579e2615e6cae4541ea7b772a450154233ee4de SSDeep: 98304:cb64+Yvwdg3NNc+clGlICQq6NYQttQet/6UBuKKyw0gfjSKOtCD:w6cvwydDlICQq6Nrie4+Kyw0eSXg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | 124.02 KB |
MD5:
cbe757fbc06ec4b30100ff85ca43d767
SHA1: 232595a50d81b97151f7717386dc9a3517e70201 SHA256: 348d9b889ed0254190b7c97974b817a9049cb3f9438fd523e38e4d12125726d7 SSDeep: 3072:09kg68Ftr7a8eFTkG62lofPkJKSRQMndX42glD:sXtKvZ62Sfi1ndX41D |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp | 0.30 KB |
MD5:
4129b6289f659fdaeb4a7c9d0dc60c5c
SHA1: 8b3f53dfaa1a22a8fb6bdc04bb99ea2c762998ef SHA256: 3d6e3c59ca7e631010ed93ecfc5fce31cebb58a44931c0995aa7308356e8c787 SSDeep: 6:wtSmz5aZFo/DYkoeHnpFxerT+h/KHkVjl4VTHR7lDHZn:wtSi4UHnpFxGC4kpCVbRhD5 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll | 492.52 KB |
MD5:
eee8f68dab22aa25d7b6700c13c7c355
SHA1: 83cdf51b3d37a788b63a0699f831361979bb1845 SHA256: 355870b7853a4017fcf697fd386d6a740197cedca5a4f9ec1457f5c9d89576f8 SSDeep: 12288:N7ma7F97IBgNq1Di7IgafEBdW0qC7gcky5E+:N7rF97CgY1Dj860Yy5E+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | 287.62 KB |
MD5:
42184fadbf0e6d8c1ee7e96d7145cbd4
SHA1: a5e3b782dcc5511c6de63fe6295c15191c1562d2 SHA256: 287895ad5b9dd67fb14825011159faecb993d34113a3ac7072b6b0540aa33d8a SSDeep: 3072:/Yeaz2G6HPPNfgHedP5fVchpud4uqcHE8h4Mmbu:AiPlY+dBfgpIsgEA4MmS |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll | 2.79 MB |
MD5:
cda5043250ddd04196e6fa859071a7b8
SHA1: 9d6ac509ae6fb6b229d771a1bb80696526363c7d SHA256: 9026d6f178b42fc52c896acd043e37e4a8316734b14ac1267d69b1b0c87923f7 SSDeep: 49152:4PH04CogmdH8tM5SNPutYlGu5CLXwRceRwbdtdUStqK3gcSfeSp:OH0tM52jGdLfeGtdzoK3PSfeSp |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | 135.50 KB |
MD5:
444cba8149ff2ff06b3c79cc9787206e
SHA1: f7718248299ddda81ca037a7d5d9b3d37d273c75 SHA256: 2254ce2596fa3accd1a80bf052880da94ec1fd11bc411f463cc7edebe43b2898 SSDeep: 3072:59Okq1ox1dvUHpiQnBaQFvfnPQKqpJmsCWrTRZXsbMr4pXZqz:bM0hDkBbPCpJms9l4LM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | 2.94 MB |
MD5:
2995a990cf2a24aec861e3d944c6287b
SHA1: b0b9851cb29cd5dc6bff560dc4ec384bf6aab639 SHA256: 2d2b68bb48a721b9309d3c5b388b5cfed6ccc081623e62b45db528ce7d0514f0 SSDeep: 49152:JkPw53/zT5gjvSVY4u6AOd9Cssb1beHBN9GIASm+Sq52WysHKR3QoucgHDha4APb:H7T0SVECdkssmAB+2Q8Q9njU4AHkgWTY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | 1.67 MB |
MD5:
89ea1cd11e3897cdf61b4618b7b0ef60
SHA1: 7f2078fc5b29d24c5ac38253018a72c9f49f87f3 SHA256: f297a6a67759602ccf55749dbbc86a55e745089c085089cc7f8cb38820d7e1b0 SSDeep: 49152:RrywQz8PrmB7/AcYpxhLw52I0kLL5sLCdmiy:P487FLwszYL59dmX |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll | 10.00 MB |
MD5:
e7def8ba21c0b23497a699244672cfdf
SHA1: ef745f54fdf6b677f546ee9b2a39c1a87e6cb281 SHA256: 789c5b9e11b635005df63431b99d7a16735e03de29154e02958e9898aa035ba8 SSDeep: 196608:EjZdBG1As9HRUurF8XZmcsGQj5ne0zr9w6BWSytJ0qndii3Ugsnj5z:EjZ3G1AeRp6ZmGKBdpsl3AiEgsj5z |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp | 0.41 KB |
MD5:
05e8ea3799a025c84278f82b56b29626
SHA1: df301958bf3c2c684fd96b4ca39404497738072f SHA256: 03648aeb67d9c0f5c07e0b41707362fe9b2c2217cd43dc6734b0e8328943e644 SSDeep: 12:CCNdmFVtkDcpsp9uUxuwpE8vzT8xu3Gu9notvMxjO:BCXODqsruyEDxnumtExy |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak | 0.02 KB |
MD5:
2856130aa64b0c533050f9cb87e96861
SHA1: b66605951a2d3c55b53f08fb44470c9ce865948f SHA256: 97e960fd193bb46f0925070c85169f92df96b2a6e064f549a14f345f4311385e SSDeep: 3:amqGa5POY:tqN5Pl |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll | 213.52 KB |
MD5:
0f1f72f58771b94072b3070eb2b55765
SHA1: dafe2abe35699586439f611e734cdc244fc68abd SHA256: daa897a686da145db3dd5fbda9fc26a0f7052170594c8145e5f64b9f1c2c159b SSDeep: 3072:t92+xMKlRxIUmniRNh0k+p07exRg5/J2F6VZY8L3f0Mc3kpQg0MVi/4Y:HlxMKzxINKN2tRglPVRfDP0YY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | 10.64 KB |
MD5:
805bb18a56c1e912ccffda177733bc2d
SHA1: 095c5f5e78d86226f692c3002bf41b1af7374607 SHA256: a2d942dedc07c907d5f3d300beb0b4bd0f111f26342dae555e0c61d912022a8a SSDeep: 192:zRJ0oa1Oq9izBJ0L9cs7stvuWUpfFoG765l6YQPHW/eCwDCOuBQatqHZegmjTfE2:dJva1Oh0LRstvuWe6lRUHqeZWlBQamFs |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll | 116.50 KB |
MD5:
ab2ee7d6b630c0a4507b38249cb1dd5f
SHA1: 67f550e7c59a876c5ed53b02c132e30c2171eb27 SHA256: f998a4726a10d4002b19f43aa3a97d54aa0204583111d0b9ea3505e64870a876 SSDeep: 3072:lIouD6O4zMLRhKh3EQqebxMfS2isUJuAKxJ/Uc/JqIQsXgzf1WpOvx:lI1LLRhcqebifSlJu75gsAYpOvx |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp | 3.64 KB |
MD5:
0761660b1a5169a6da0ef7a5bed656fd
SHA1: 2b8748ca7cdecc0d93444cdd137d41678f9eeb78 SHA256: 14ca403915680ee868b364655bdd739665dc467bd709e0afab066eed35484dab SSDeep: 48:KqUuqMxrfDPKLiOU8hpXI4QfCljeZAFM+aPDZbjRzK3WhgTg7gFDwY4bUeMy:zFBPGNRtjalHR+lTW7DHz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | 278.14 KB |
MD5:
50e84ac8747cd1515f0cb2b316c0f835
SHA1: c61385e7b90c576781bb94b3d0da8cf8ccb18145 SHA256: 16a25568bdcbd9f200eca4cc1ba0af98d68e718a21164f4dd749de0419bbb563 SSDeep: 3072:TwPnYBDcybhb9WTfB9CsomhW1IyT6PwRoZjYJ58nWU6NcvIgN8tgkbiuYk2csHYy:TwPnkq5Ws6OIA8BiKw+WaH+12pW |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll | 610.50 KB |
MD5:
afec3f2958ff5b4b98371118e96c06e4
SHA1: 235f5b4cce16ffb7717b2378af1b9709ab45d0ae SHA256: d6dbe3337b92ab30c438be2a54ce97b9f672b681ede51cef95f52f664b36a3cf SSDeep: 12288:uSReN4OBaglucPTaC6gZrt1xLgYvQN/bjLddrsyAwJFX+y+e:fRgz9/Nt1xLdHIJ0y/ |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | 182.47 KB |
MD5:
113c58e635e93da58302959ea87a64e1
SHA1: 19ce75c08a4c6e2a8233eac69b9076d32f59b5d5 SHA256: 63bb9bc14d574b2fb2e25c2b14b83e5b593166a7513e582c9c836f679e2bb931 SSDeep: 3072:/3jmO1dANbLKVXJXO9knComYH9hOB2HsBpcvC4DiBoYd5WwYbAL16nXWSA:/jmOwNbLOZXO9knComYdhOB7MvCM2o+j |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | 510.80 KB |
MD5:
f5cb86e5ffac9d53ecbd9af37711d9f2
SHA1: 06feb2498a6c6f04cff4cf5d0c7a14f65220ac7e SHA256: 50b490d3eb15458298f2f8a167f4f8ddfc2aa765bd74add9521302be15f6ef5f SSDeep: 12288:Z3H1CiMRspao9ZvtztlFVEJahSzJ4nRoCLohkY0bh:Z3H1iWaovvLl+J4nTLMebh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk | 2.38 KB |
MD5:
16846e15e56eac1c3986f114c1a67263
SHA1: abe811d20294646d0d2dde55c770c662bee9335a SHA256: 904f88cd14cfd8d5ec54948ad53f6ee510c77dd86d1144adfd2186ccb266f97d SSDeep: 48:PUbR0kPry1cBiFSJfK3st9YnuxPOjKJyhWflPTh2NdEawaK3vHC7f:PU1rrizFYy6yuxwKJyhadh23E1/Hw |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | 52.59 KB |
MD5:
eb079905aa3cabd00612d358e7b27bec
SHA1: 18444205588d3c2b925ecd5c35b79ea732971d46 SHA256: cc13f323b37b68b1924bde3a3db1345425ecc25b8b9ad74476dd846d4c2d52dd SSDeep: 768:nG8YkqZ7qk93W/7n1YMnPsHxCQqLLqEh/Z3ptZhALojSRW5H1HWi924jR5o:nqZ7qsGTnLPwdqLLXh/ZnAGSM5VHWiP+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv | 83.91 KB |
MD5:
8e5dae4473a91a33429c8987dd8be2eb
SHA1: 1154386b7e3de9df5605344ece47983781e674c1 SHA256: 9aefd4d054bff6cf4c8fc1ba8e66d74cdbbdd27c5573250dcdc400779c2394d1 SSDeep: 1536:EdocgNN32h9SIYAYHmUz4jsDxGx0ntweBolpfDoBIe848EdQdRDSOjq9p:iopNN32zYAYHmUsjsDwx0ntweifDMI3e |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | 36.86 KB |
MD5:
e4c5be05972ff2c2ba2cf75aecd80ab3
SHA1: 87238cf85451253cf800437aefda8eca5680bc1b SHA256: e8107f62cfdb52bb4eef4d3472f67693a2ccbf460b918aa0d9ef1a07e804c1b6 SSDeep: 768:BwkuREBwvHAUnMbFvCNkXy+RQ4yiGiMTgLIAzY/Q/mqxbC:BwkuREOAUMxvmkXy4539MTgLf0oNM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | 1.39 MB |
MD5:
cf93042e6ecf33c07b1bfc117b3ceb2f
SHA1: 181f505cb0af652c6241041125534075d871923c SHA256: 309f06a4cbf207c95726d4c5f327f1528413124329b72cbb575d7866aa27629f SSDeep: 24576:8lBtDKcmeFadgnhm68Gr0KAA+ce98QyPsJn0dR0tL5ODRPxW58QeIq0gHLqiWC/m:IKlJCgTXKAL98/UBO7DNxPQe0gH56 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK | 1.17 KB |
MD5:
d25a0f110946dbc6b6c1a27aefffeaa4
SHA1: 18c35f9f32bf7e850743aadab55bba1fff684050 SHA256: b93deb08b7b6fd8c8d2ad435a816b79fb4592a395daf156fdd4fdfede6ac2a9f SSDeep: 24:MJ8oWYJuxxD6U63Zo6Q9Xx2TNk5SgcUQMdAL2f7W6N1bE0qgDFykn:Q8olJODB6J7Q9UjpUjdAL6Sy1pDZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk | 0.33 KB |
MD5:
e1e7d0ad6d96961bd13e893c7ecc395b
SHA1: a2198fc42d8b0138da8fc2c89fa1742a0f5f4b09 SHA256: f83046036d2888faf8c6a6651d69f08c16c3f2e52a36b766a3d87bfe43ce3595 SSDeep: 6:7LxE4ulHpFD5/XDGogUn338MJKv/RVXuDy/bPFJPJits0sb57n3hCOXIRQn:7LK4K3hyLU338IKXRFQkbP4tsd73EO42 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q0Lfg4X0PkE9ZS3se1w.wav | 74.53 KB |
MD5:
47a2c6a0b27ce999678c457af3e09135
SHA1: d5321101e7c12b17be26a2836966df8d8ecac295 SHA256: 7c3399be3d219b36bef55dc9d578ac3b26503486d0a0800b476caaac3fef300a SSDeep: 1536:Ma60/H0x9LycL5dl2IESN3zCyCTx+3pQRSRlPZufo1ClpF:/6zdI0dzCLAkKNCF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vRIJHQaZ.mp3 | 59.50 KB |
MD5:
e996b34d59b2d2beb78651dd66ee2cd8
SHA1: e06dc04443ef0f6d78a0592fb3b69b62c0b3bd11 SHA256: b7b14ab4d2a15531031c90ac700ff98eb679dc4b30e5dbf3b9db5f9e3c2faf21 SSDeep: 1536:LXtxV5jpwnzz2O7vlpdXlqhqKfU1rNK8DZEMP/GTV1eUh:L7VLezzH7vYsLK8FE8/kr3h |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | 1.96 MB |
MD5:
326f1936edca5f202f4bf36cc5c711e5
SHA1: 54eca2a6cc810a58ea5523f20b140a1819397397 SHA256: 17a6ae8bd75b663ee6652a245d48ba7ce8a2567b225e97127e0a6a291072d26e SSDeep: 49152:fS4u4Khparoo/2IBspjIMYW2lUgyyi0Zkt1G2:f04QaEEjMLoU59tB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | 6.31 KB |
MD5:
0bf0010370970827907d82a783f44645
SHA1: 6d7dee9d6429ed0cabbe43c4ef24fe63da93b0f8 SHA256: 1b9b21c9ee9979d140f6951e9d87fa92c1b2f96ac4492e57244ece113ecd1251 SSDeep: 96:2Wb/vGrKLaPWLwnU4K76l+GCQVUUX+fOeJJwRePf2kabMmxR2lJhhhvDAmB3L/s:x/vNMWL141wlQqUgqWFzNWabk |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk | 0.41 KB |
MD5:
61d5a2d918addd2775488a2b32584d06
SHA1: 5b3336a91cc786ba322e6e795df2a263fc8b018c SHA256: 77305fb26bad362452c23cd180bf8ce3b1f20fdeaa9067e4f4c980b95aa64467 SSDeep: 6:JBzyVx79PD4//869WZiiFwEhvDT7GSxyqEoHKOLT6CN4wYjfXlvvDTmGEtMLin:JWzD4H8H/7GsZKrCN5KlnmlMmn |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lbYChRg-xAiK-KFgsEDW.gif | 15.36 KB |
MD5:
66f3aa9529fdb87087af562b743b473f
SHA1: f1817336cb936266e942dc908839b3961c123e38 SHA256: 3be20d30ac9cecb6a7bf71de7092a42b6640b70ee28eda4e4a6fa5d40dd9d25e SSDeep: 384:vcgri4Twp74Wpvqy1eNKLWmxm3ZF0NF0w/MFl7no5K:vcurWZE9mxm3UNF0wEF5R |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | 5.50 KB |
MD5:
1a8dab5c1f75ecd74ce9138ae1e163ad
SHA1: 0a1424bb6e8a7fa4590f1dda3c857774af49dc76 SHA256: 5e464ac71662188cf3838405ffc08aff082fb9f2376013574f969ca77d79e66f SSDeep: 96:yKhtvNNw+JCfI1yd4I6tA1M2bxZ5G20IkYuvo62/bCc0prAII1dKfgXypKR6gL:y6vNNBJaheliM2l7CI2Q6LVprqU26gL |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll | 504.50 KB |
MD5:
05e49fddd182b04c7e4becd4f75453bd
SHA1: 82214fda3306c2586302e26d75c0071522e223e3 SHA256: 195febf8e53f736a4854b3365547f9d1e09d96640cf62e56579cfe1a1cc5677d SSDeep: 12288:9KN2uw9/I8nqx5agAumMHNywTO9Z54B6Jqo94HyIL+zAnERwZGk9K/offtguNfTZ:9FgA0O8GIK/e1guNfTi+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a | 80.53 KB |
MD5:
c2e6e3409aa2cd0ac08221f544b4521f
SHA1: d811d0c7e09256d5d8d16dc2277b61a7e6d4ff58 SHA256: 39e07d4a0ecf5096e989c08ff077c87f2f0ac711735a3b54d901c4fba51a9d6c SSDeep: 1536:ebMdD2U7qPin1/ZMnVtFSigHHTUTF8liPx1CGYkQfjHCjqbZdmqc6SAEXxollGMo:eaD/q+Z+Vt4HHggip1CnXiObZdmqc6Q9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OneNote 2016.lnk | 2.34 KB |
MD5:
907fe6acd4cc7a1d7d797385997c5347
SHA1: f010fab7ffc2badf81e96b88599437e31d74a85c SHA256: 4869b068b305ccb58d9616cf7612d6937e840d7d9e0d95c211423caf4dd355fa SSDeep: 48:Z0ls+t1BaR/mta/tg6A+EBMATtSkK97VCQFZO74ZZZZZZZNlRawZZZZZZZZZZZZX:Z1i101pq6A+EBRSkO7VP87wjN |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll | 194.50 KB |
MD5:
702c6e8f97018cc6b8410796a8227bca
SHA1: d8c6f0e4f7361e0daf1f1d8b598413d508b0bcc8 SHA256: c024609e169b5dadd3db5ce7f334a7028919a75a2add91b5c2ae08820c3f681c SSDeep: 3072:AOX+17djnZUh/guhYje8iCgudVBnaqfnGWvr/6L3sWNNcn3KSRS+T:A/17pZA/1hYjngaGm6L3sRh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | 141.34 KB |
MD5:
f05f3485c5ec20c5659493007d9fc731
SHA1: 8d6f131ac65ced39c1418212089f18a4d5af5e84 SHA256: 0268d50f448685808ce8fbde0dcafd8552ca20678bdb6df030249b36982367d4 SSDeep: 3072:8UMi61gX2ul7Z1pWSEnPSt0LVE+DTz2HnbOb8064xSp:iiggX/77NQnJTz4bObNRxSp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | 262.38 KB |
MD5:
44087aba3ca0559719d5cacd2af4d764
SHA1: 986100cab1552e3bbbb8674d77aad5f5478a1786 SHA256: 7f659a16f27b996da0bdc9e56a01581a572822e4f3ab8416c0c54bc65a86238d SSDeep: 6144:CIkvOsJI5LJPGRPL2rMYS54bjtcumZwm0fvSw8Qjozc70vl1bpWXTpoh6Q6tdi/w:6WVJeRPLkSubjtDJmYSwrLs1bdYPkrFe |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll | 95.17 KB |
MD5:
4ca51f395d66deeee2ae60c7a0955c73
SHA1: 56d5e5e3ce677a93222d9a73d4b3e2a60d37dc17 SHA256: 93544d50fad3fa5be8933f4978be12a30edef9195dc09282cb5dd6301b39c66a SSDeep: 1536:afe8kPt+wCmCyLigEz7apLQSjLxDBYsPj5HpSGDTtdZoRrHMMYIHa3xHP+AXDj87:8oPtml0LQSjLxlFHSwpdZ0rspqUDj8ig |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | 4.16 KB |
MD5:
d6815d3a8cfc0d9d16fb297a8dbe6c01
SHA1: b11e185d3750be5a253355d6983975c340c3a7d6 SHA256: 76a92322eea132a4c11345a74aa1d92e4aad5190355bd40cdda5486dcc582463 SSDeep: 96:bo28vX9twz5NTohJpI7TEMei5y/diB/U9ZXEWo0t:cBPQ5wJCXeik/diB/U96Wo0t |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll | 4.90 MB |
MD5:
9fbdc03896daa52627eb1acca5051742
SHA1: e3d1f40f4b50f919cb4d48a4e4623bc2d298b913 SHA256: da3994448e6fe1a74e0bd6ece776ba6a788fca43c7430c30a7ffe28f8997c415 SSDeep: 98304:MIz+kZ4vfiQMY+VKJ4K6thszFckMDiI7+uG37xK+b98mgCL2f06ON1pT:MIz+kZ4vKSghsjMDH7+nK+bewk06ON1F |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp | 0.41 KB |
MD5:
91dd5428c68ed668f881851b2d3bccde
SHA1: 6707e4bc94bde01248d0a86767e6ab76a309181c SHA256: 35bb5e1430a6a30ad72039039605f047541022cb4348196c814a9f5b0119bab0 SSDeep: 12:FHCQ3W3wczR/fTzz7SB5CM6gGVW+wtItMIc:FHpBWf7e5CLSItMZ |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll | 114.00 KB |
MD5:
074f3d77865803d3532463436c40d44d
SHA1: 3289bd3501ff36837b6de5930daf83d344d3076e SHA256: f1ed9d08db2372b22a945f6c446b3f2dfb57d0882a97532cf84bc15310a5c872 SSDeep: 3072:PH+NJJkEmL0j1aJJk1+1OImnkOJVYjrWhms1nA:PeNJJOLm6JkoWkEYXWI5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TiTXeHNWNY.flv | 45.52 KB |
MD5:
97159dbf0bb0c61f5ef68278ed2bb7c1
SHA1: bfed6b8c262cce5d9e055c22770ad0a3cce4e0cc SHA256: e5cbd8d5a938edcceabcda63c2099059cba3a6d9d42509f731378db84c4dcbd0 SSDeep: 768:1fTfRsb2aMpJg0KDlVfB57CesAsHQ3HLn0CUOGooDke2To87HQi7gkynCa01eKLO:1rozX09AHz0CUOGof5TNv2nCLBepbpnz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | 648.39 KB |
MD5:
d1767b5bffb0cc0421c2802699437e53
SHA1: d088571cf63fa285a43406c4692c92b1bfb1ea62 SHA256: 99dd9886fd9c1e952568e6fc65fa0ff21b3d0f1e8d4154fb7bb22898b9e90d0d SSDeep: 12288:Bt7whlvL5XbmCxJtZzrYVZjjrX9ediliRo3EX3e/GMOD6ub:Bt495XbTxPhYVZ3rX9ek8eEXu/E+ub |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Na7yBkRxW5gqqSM.gif | 86.16 KB |
MD5:
bdb71f38b07759417726d27d2010cb5a
SHA1: 4707d66e1c294de87b2bfedc9c62d8263c4c5853 SHA256: 334cfe738c3a164faedb2c8c8e91a1ee742d063181a5c60eee1b078de5baab9e SSDeep: 1536:8wVF3ZzYVAXZHw6wA95h3vdRgybz80fBrmNMLU2UbsapMu/Pjtr:8wVNZEVsHbRl80mmo22/Pjtr |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | 18.33 KB |
MD5:
06edee8ce626b773994ccfd40ac3f97a
SHA1: 4f19624c85eadde5a69ef5201e1dec800bfa8301 SHA256: d45b5c6dab9391d658dbe6c4271ff600fbb7e4e5bae035727596b0024308751d SSDeep: 384:WhlQH+qX2pDLNn2pD+34beV4G2pDzWTWqC911g:8WHAN93f+m41g |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Visio 2016.lnk | 2.11 KB |
MD5:
75c15ba2050a0ce3a9af12f21da380e8
SHA1: 3eb3d647a77734312415362c1789e12aeb91e840 SHA256: cf4701e0feb83b44d572d577d9e5f3ff25313c7399885eb7ada363e12fdd350c SSDeep: 48:HwhjXv6TZhbuW3BmXTW5hzh6D0i35xpNe:HqjXv6LbuWReTWXzIjK |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | 114.19 KB |
MD5:
6004abbcd743a5823431de4bed6f7e6c
SHA1: b73324c01a9b48db457b04e8de2b0a2cdd5a5647 SHA256: 712ffe19f09ef44a60607041264c1d538e775fa6e7a47778d0e13e04d7664116 SSDeep: 3072:RZcRfaiwjg3NyOAfXMeEejAtym9tqazbO6pg2Pqp:IcNg3N6fXM7tZvzbOnp |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp | 0.41 KB |
MD5:
5e8c6673429523c913d6ab23085305a6
SHA1: 18588c9e53b35d281559be6739918c70cf87be6b SHA256: ce773dd87c6662c5b133b0a0a8aaf8d93e4d8a0f6f7fc2ee17bc361244a55f00 SSDeep: 6:rQC62PMvO7nKYR/EMqonrH7+W5Np56XljTXFs6pIwKJa+O/Z7E1tOvqTSt3MmQBa:rBQcnlR/Rqonrv6VXXNGa1ZxqTHmx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | 0.50 KB |
MD5:
c841d1da4b7c6adb4fddee643578b42c
SHA1: ad2598291615c4068753ee6d02b6e69e2d02c7c4 SHA256: 5b79609472add77ba56beb43088ca0142e4790016fe3d16cdbafb518e1067a07 SSDeep: 12:FMB0+Nqf9ENYp4M1SDCTV8PzgC3BysU0YW7FZxc8:Fm0+NIyM0YV8XvU0VFLF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv | 33.48 KB |
MD5:
9886810d7f45e0ad417f5fce7e410ba9
SHA1: 10063bd942e1f3d9849de8161ca6bace185f0235 SHA256: 2cfdeba5fa66138de2608f8924da1d10d68276249b577be16b6858d9f4948099 SSDeep: 768:NwoEZN0Xww/InwIhs3H+2HGkUefFn9qi6sANHHxWPYUDBEcWn8iI:NwoEfwgnfhs3tUefF9D8VRWAUlEc1iI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | 6.06 KB |
MD5:
88eb83db075f2da051c258cd5e038140
SHA1: a042ecdb772e5adfbe93f8cf8d52f254017e1fd8 SHA256: 61c78e2e566d608550e1b2f8b5e2a1a3f53c748af59a1c47cce138f70ea38f03 SSDeep: 192:MFCxTZ3Z5QZjAqAgiD0EvsYVIzMLpuZM83:MFCxTZJ+jAuigEUoIzypuZ13 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | 1.15 MB |
MD5:
b023439a00a46eaf8835eb105831377e
SHA1: 4fc006e60e2d91da6fcc5d00c91a144a65b196a8 SHA256: 615326d72c96e498794d5a72343d3c22c6487d20036bc481f84a6dd14ad6cece SSDeep: 24576:SPpRHxUpK5ajq6TQIDrcH6t38+OiuPumY/ee8zag7rc:0pN2pK5ajnkerztiiAumY/R8esc |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt | 26.41 KB |
MD5:
2b9b3091f94758c938cfc9ed119d0743
SHA1: 25e4df73b5dd3dbdfdd770547d7b6e0560ec5577 SHA256: 4dc28931ad6607d3edd153d9578c9736e24e5fbbc91da92a4007dfa320fba484 SSDeep: 768:VkrAYRmbop2TLWB1Q2gVvJYbx69zCZOofSP:SAomUpQeQRV2b0VCfu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | 212.48 KB |
MD5:
7b72a46eb55478ff05211289ee6fc11a
SHA1: b3b5ca006fe23f7192932050d54092f4dcc2e5bb SHA256: 2a3a2a5c87efc8a226583ef2e0d63393c725d8f4bfe2c553a22a0f050fa9d35e SSDeep: 6144:W5PJBfAeSG/UqlBo98SwuGkIJ/RT9pxHmC:M/qqr7lfJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gG5PhGomRyRPP.bmp | 27.20 KB |
MD5:
d6e9c610a3cf60ad5b3247280d708b5a
SHA1: c4069a4bdddaac7e22044f9a59358f41ef4e51f1 SHA256: acd440ed9b93d99842f2dfcb87d109839a456a8d5f74a7211df8d108c92a3172 SSDeep: 384:J8ECuCfvMpq3nHjU9S+VMnt12vTpcig0PIpQYAySirJ29G347vzgxdRa/dzWC24+:JsuCXXw9hirIchuabAySIWDzea/orpZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zPlwGU07 kcnw.pps | 26.84 KB |
MD5:
05f69a5b37f32a26092d5330f9d4204c
SHA1: 2afc5b9b956d4f95d227ee79df8c541e604114d8 SHA256: f605aacc0c3174a1d9dd419640822cbd0bbf525530e14d2deaf30f179cf6213e SSDeep: 768:1n8xOJ3Gi6ak4rHUthq93MImt3kVxO5Oi3202pCo:uQGi6+HAhqVHmpkLgP3FI5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2FEIh7b7C.bmp | 74.73 KB |
MD5:
ff61959911fc7a57c92f6d81c129cbf0
SHA1: 8f7ef3d183912fc076fdaa0f710ab83d69649a3b SHA256: 7c87c7f19735f225f038c4b9c16fd6e75502ebe9e7bc6ed50ab6f1fbe304372d SSDeep: 1536:kxUtbEVKhOyK2aXdqMA5a3HSJZEOx/+KHjsOpn6BS:kytb0KPaXu59T+aHMS |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | 944.30 KB |
MD5:
5fde15f5ab881292f2fc9da99d620896
SHA1: ec1d95fcaeb19e0a95ea517057fc7a0165e0be4a SHA256: 46bb4c046a4dde31a56f58ac2a33498ed9b838876a5e62dec0a4a138374bbd7f SSDeep: 24576:sf0dRoyzny+ROT/oBP9zVtNY44obfp/ZfcCjffhviz:sf0d1znHODcV84phRvjfJiz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | 5.66 KB |
MD5:
26cb8e2b490b4bf2d2babe6363f759d1
SHA1: a1ce7b70b2dae65cef6d8e8cc1f4c57fd1f406a8 SHA256: 249e20869b46e53a69b8b3b7975fe5d54dfd6d2da8120165399f33484eb06bfa SSDeep: 96:f7DOUnrXo/AEMa5b4AZBYF06RwoPFGHJWo3wA+O4WMzlZ:POUrXoY9AZw06+xHJW4wxOPML |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp | 0.39 KB |
MD5:
25e44e06d1125d3930685a1aa2f27950
SHA1: ce0ba70ad316c8e395337e58b92522a9f036ae6f SHA256: 3b7e33eebef50ffcc39e716a4eefb4dcd01b5ee04cc4829b1af87398f4f4e642 SSDeep: 12:ODV8tlzj/ulpXob2+AqPir6WRn0awXSfl8A:FsXob2+AyuVRtwXSfWA |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LqkxAaKe.gif | 13.08 KB |
MD5:
e73703c32c780979c43f221fa5129c19
SHA1: 92c136059062b9086d73747af05760045b177d53 SHA256: d48bdfffc4c1657352f0c0323bad9d9c664a373db04ce3de41e301f69416f865 SSDeep: 384:cuDdDvpu1cAbQAUHnJ1EwI/N2SgDhQflj:fBDvp0c4kJi12LlQflj |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll | 646.67 KB |
MD5:
f865571f8333c34d99b7e9aa9fc1859c
SHA1: e1e74efc2da9ba8ebbd65d511b847485ed646ccd SHA256: 22fb7c70888b80d058cfe86d96efbeb8be08a36b9d377ee9f48c3f3d5adcc3d1 SSDeep: 12288:QhaD0ozyYOUUv+nkQb4NofwVmRq+Dij+TiZZnaw7XxJQ/kVr3qJRHbfZESG:QwQozypUUvyb7q+TaZnaw7BbraHan |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll | 395.02 KB |
MD5:
fda5e106201cfd688296f58f4a0b516b
SHA1: 1c0573372f8a2f6efe60e4fef3237f342bdf5f89 SHA256: 810e61145bbb738b92c15c7461f51c23ae7e88f7253c4ead7b70462eb1a72b6e SSDeep: 6144:HtRqSexKYjlX0EtbJGzuC71xTuGI9gz12A+oHiOqhJKDHeraTn65GdTG52:HtRqSeoYjVvA8GImhUUq+Leri6cdTG8 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | 290.06 KB |
MD5:
570a7cf3f9915732f3934a1f6f5b3049
SHA1: b5af3f12b3666c0bb52ba538cb665c9bd3a9095c SHA256: fa06b7946958a091cc26c6ca5bf6d2ff10cb67ff373eaef9eb105178f5028e70 SSDeep: 6144:TbVFcffi7qIKGsyFTe+CCJznOVkUBARb7v485gy4yl9fPLXhryEu/9u:rDsGxQ8yE2s |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a | 91.06 KB |
MD5:
1ef1df4b202080722ec4834491846da8
SHA1: e76870f53e7118441242faeb43feaf2df4e12cbd SHA256: 1231e9aec0b626432c0aef0d7f769c704f499a6707e6a205297e0ab957a8a60d SSDeep: 1536:9XazcLeaNZtmwT6HdmBjWs151WHO0qa50pWs0sgqypXqcofGAQGD/e22+YejOAm0:cgyaJm5mB+O1QWHgqypXMzDm229+7tJf |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | 182.47 KB |
MD5:
ace6b7a3bb33e3cfe2eca04c0906cc8c
SHA1: 224b77c22bb17090da838fb9dcc696eadee3733a SHA256: eeba24cbc2628bb73f3766577f585f3036b42c500551efd78867d7e9bfcf77f3 SSDeep: 3072:1kaVxJc6o6UZVGGnhqvg1uufbkP3aqZn2j9Z4YsCx2kOTyOLvqpKCyTbNmmaJnLj:1tVEVGmIg1pfbUKmU99nxfTpKVbNm7gc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | 903.02 KB |
MD5:
82641a4a8a98d2d82a6da45a681f2a47
SHA1: 75ee1e9d482133c075f0ff7d3076e73e93bb942b SHA256: faf75035c05b85e9c0626783c798303635b48b69adfd670dae5c9498b85f0140 SSDeep: 24576:P2JMUOglU8MSgts/Aild0YkjbNtO1DRm8McPPWOM:HUh/Yg0hbO1DRLMyQ |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp | 0.41 KB |
MD5:
dd884f46c728a7517aa3958d1ab645d8
SHA1: 85b8fce7e18529483bcd5764e1f36066cda5aa1b SHA256: 221c82b88e717165c048c3c0108cd43a49fd3611bb89480eb4cd309330bdbaa7 SSDeep: 12:/Xf0NzT97zmvcoSx+rUBlV3pJS2OF24ICin:/Xfwvpy0oSxVlE2OfK |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll | 163.00 KB |
MD5:
3cf3c2204d8c10de2871228a87ba9b8c
SHA1: 73cf5140efda695c982970f912efd8324402f993 SHA256: 50158733158b4ea828240d10bad93d28793d69a03cdc73b7a71bdbe45fc2d0e7 SSDeep: 3072:2EUxoyZoaRceP3Ag0DxrgKZ/jjaRsQ7j/tVJOXvNglOUKpbfOW2PuZOnT+uAZjNA:7UxtZoaRceIDxrFjjaRsQ7j/tVMlglOS |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll | 277.59 KB |
MD5:
7df267b87603f1b03bb34c6acf62f00f
SHA1: d635a27c2f14f0b060d21d6052cb57e0047b331f SHA256: 2b3b68977da9e4a5934c39d6efd9cc156f6dd9f3d69fa149a775555003620a79 SSDeep: 6144:saqqKcAe//cd0sApGLJHiSvUUaWwJ2wH2/ped8dIS4JXpLKujcQ6so:sqKJF0sAp+HiSv/M2gU5dRyXz4Lso |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp | 0.44 KB |
MD5:
4a80512e18928728384227ea231390d2
SHA1: 4b03ab1f8272d794e6c6b31456a5f23756fc1ad9 SHA256: 4d847820e8774241602b1e37bcb674d1b38d60abad870fa7439ab2fba8712d26 SSDeep: 12:WjMnIOM1KzOBMrXvuvcxmnAldH5evb6YERv:7IOkFBMr/uvcxmnadH5+o |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint 2016.lnk | 2.41 KB |
MD5:
61c04e5437bf0a621abde1b41a5921b1
SHA1: 315e06e317d5c0f83d5db5aa7328159b050e1910 SHA256: d7647e59aa5f2345a6b011d65d65fb4edf45d7dbd9323866c788f118960aca37 SSDeep: 48:VzCdVMckX9AihStWrSsmPnjUEm6VTOPnnnnnnnnonP3tsnnnnnnnnnnnnnnnnnnk:JCdVvY9AiEQGPjVOPnnnnnnnnonPKnnk |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest | 1.78 KB |
MD5:
5525f074c9be3b0372e05f290ec15aec
SHA1: b5a5e421eb2cbf9775026ac3dfa7e3b9408b554a SHA256: 50af9bdf59fa51bc2bdb0bb66180db5f9d7128ab45f657e4f1ab77193f466622 SSDeep: 48:9TFd1y+2+j7ED4FhLTAZKAXk5ia0BiFyD5yeXQ:9Fd14C4DmhPAnQi/BiotyeA |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | 75.69 KB |
MD5:
9943ef11fe72b89f96b1579c9c904444
SHA1: 9d8f06a01cbb36686d6b764b9f7a52cab4c58da6 SHA256: 5c431b03a6d80378ce8e9532a8b2703fe074aa205559d23fc22e8876961014a8 SSDeep: 1536:R2zTIUJetcMQLJ0FmEYZSB2W9FScRHYFDj9K7nI1PT33Z3L43LBbbV/DBRi:Ezc9xQomEYZSB2AF1R41j9K7MPbpMRhe |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | 4.23 KB |
MD5:
60b91edaf93863f7d817567120ad4808
SHA1: 4dacd9dac318d9db44732bf037f8dc9c62ceee37 SHA256: 2991ebef6c68842fe8436ced806b46431ea6f3e56f49fdeed942ceb14706476d SSDeep: 96:7jK5kQ3MCAXk/16kALSBGYLM6gqE9n4XtJ0FTMIg6xtZjQ9/s7G1p0bMaahadMW:7OiPVk4zmMobRs8tJ0NMKtW9/s7ZMhlW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | 0.03 KB |
MD5:
17ccea87eeb2f9405599bfa6782a33dd
SHA1: 9123e3cf90e820700223890ccd675abbffb60e3b SHA256: 13f1b586d9bd60fb8a229e83625a03bd8a03773edccb39bbe15ebb9873c73577 SSDeep: 3:jChuWPfT+pIYm2n:+hwpI6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\screen.jpg | 821.36 KB |
MD5:
efb4ab6a219646e2e2ee27650f837982
SHA1: a46b1841864883e1a9a9be899c4444de3ba57283 SHA256: 34336b99733fee1ac47fdd5d65750d27a19ba6058ef3b400a249d82f1678725a SSDeep: 24576:Cllyr3oL2XE/FCKyf6Yn/4juBFcYxFEtJ1+2ZSV:+9/xyf6O/4Kab5ZSV |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll | 1.09 MB |
MD5:
fdd6b166fb4115d4219b6295e749af8a
SHA1: 7ca65600b24b516d961d4c19661c7ccad6633300 SHA256: 5b261e787b477df6417c329386c5084eee7377f3143e3366cb74f824cf53e1be SSDeep: 24576:8o10ZG5bDu2kFrJ+ukpjeKpRJbF0jPqcnvTgDOnjJudb:860ZeDu2kpOJbF07RsDb |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp | 0.41 KB |
MD5:
2f9be6fc770fd9b671ce10e7821ed2ca
SHA1: 3ef9e47e6309f04da3647adfa490cdfb22983196 SHA256: ad7362c2f0011cba758f2ac0d4d6bafd6bc54700e8837e869c60b798a9c5712a SSDeep: 6:ZrfZn2OehOw6XB8dLdGoj11+KqKN3KUPeoXkfId1AW+HFgHxKVI2NCwDf6Ox8NpF:ZZn9Y8Wx71UKZKhoXkgdKW+lLVZ6hpMC |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp | 0.38 KB |
MD5:
9be4a557b58306b203ebe9e71b37f013
SHA1: 6d3cdcd15dc778c563e302f46b7bf8cc499654d1 SHA256: 83ba830cb262158b92fcf1ae17cd8da627c9f00ce3695db76933f13f7e76aa22 SSDeep: 6:wsabsfOU668kORuuUtSFnQRa430N+tSDIwI5w3HcJ/xU9Qeo3qss+gb7:waG68kOLUEeRa430XPI5w3HcJJaoassN |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | 345.59 KB |
MD5:
08fe7e98d10290c46e1ad4bce2314138
SHA1: c5d07f32b3a62c7161317abbb65ef2c8128fd8fc SHA256: 20ce401231cb43e04a484a744ea5a2a0879e30d127b5695663f8b62230339141 SSDeep: 6144:q876/QXxbnMtw29VUCYF5J00f3jj8hNBvqpGkd8z5yJVE8bCNRtDMdwf:j4QBbM+29V7Sjj8hNpcJ2Eb9CaGf |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll | 371.02 KB |
MD5:
7a953f8c57badec84b54ac1c3e0b3bbb
SHA1: 331abcdef4c7655c49c10b4327893dcc6faed0c6 SHA256: 74460e7520230056c8bc04838f2a6fbe0398e77fdd56778cdc4b8f36a8ab00af SSDeep: 6144:Kl86dYMp9eGj6OqshaLK2FlVgOWS4qGQsnafdTBxmm1pRO5BT9r+7iZ5gBWPvSL0:rm6O0LK+l6alTDmipRyBdw0gBWiL6eo |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp | 0.44 KB |
MD5:
6120344828d6b073428a2d7f7fc89fcc
SHA1: 999d7b4eaabff28d99ca892540dbc573e56059b2 SHA256: 4e500643942244bf996077df6a1cc8a01a6fe4bfc20eefe17d80e927a107538a SSDeep: 12:dMXi4YK23Aa9X0jIyQmvjI6bVJVZ5fBHxBGv0GaeHiKJ8:hT3f981QmbIs/x3/GayX8 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak | 0.02 KB |
MD5:
43b71338b2d6a156f59ed90bac092655
SHA1: 42489fae52683e1c4a56c3f14f22e7440b3bdf2e SHA256: 63774f172e90688f5ce989fdb8dd591819847fdb1d0af7156032675216634ddc SSDeep: 3:Twpo:Twpo |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | 7.20 KB |
MD5:
c4e95b7b0a15d7da952006c554237f23
SHA1: ae9f1ef1412fe9bf3611f086778c261885c1f10e SHA256: 0b4dc603b73b1f361f0de0c1359eccaa10912f0ced09e55e898b8e2a973a55ef SSDeep: 192:U8ziMEwkxmDr42wp167hR7xTv5t4T614a:DeikxmD82wu77t4ej |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | 475.20 KB |
MD5:
2487cc4ed553cf15439afde15f5f6e39
SHA1: 65069363488c439f8ecf27eb897f296ace480412 SHA256: d009a0426c32b4bf9be13061a96a8311b6664ecf2c8f6fd3785139fdcc8c6eaa SSDeep: 6144:23NONJb2ksVIKBUbTazVV4Invs/47lBhh08n0wHpj8LReUegJVKAfNTzhS/ol:8AJb2ksbBKT7InlXhhrvpYL+eVK6hSwl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory | 0.02 KB |
MD5:
9f6d2b955852ba0afe9442e2f24ff94f
SHA1: 56f964d2068062f9babadeb2d8e05905e9f1a4e3 SHA256: 084595ffc38547101ceb9d51459e717769a022496548caf14b5909070b83f198 SSDeep: 3:lAvoY2Vn:lBY8n |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | 249.25 KB |
MD5:
db81a4cc64ecc6efc2d9f5f9fe0392f0
SHA1: 145e6c3da6168948b4c0e322eafc0eb685c7934f SHA256: 613764f2ebf252c0ac302bded9c9ff8eb452c520ffea1c18b33c8f6d747aa03e SSDeep: 3072:UNz+rd6WkETMTIoOMWU6hJRAP5AG31K4ax9NY2o3akcq5f09KMFau7YV:UJ+rdnTMTpOjEcx9Ndo3aktxMV7YV |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp | 0.30 KB |
MD5:
8e9650c6436e0bb9fea5a057dfd5e3dd
SHA1: b55b9c6f451df4973665bc20b7c5d157f2762d83 SHA256: 46644cb2c1864ad070872f07c0468587808bcccaafd6639ca982ea29a22029e3 SSDeep: 6:M0XW6H5EtHWN502nbHhr1GnH7NiItAWgCdqUns3cGsHG8Wdn:MqW85d0mbB5GHBiItAC8cGsHGFd |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hGiFShE.mp3 | 93.05 KB |
MD5:
eb8702bd5cc75a3fbf3c2d192c959124
SHA1: a115bcbc4eff814f12e4a4abe3488cf040618cc9 SHA256: e20c735c30300dea8511282039317a69b404246313a528bffc2816aa8d970ee1 SSDeep: 1536:HpPEErhSjg4qFkLMGYlbfPQgOGszA+PML24ZqQBh+ryOGdKjVih9MXvKO:JPzSjgrFk7YvYA+PMaQrcVhioXyO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3 | 5.86 KB |
MD5:
f6c073668cbd01dd84456d91758e0c36
SHA1: 550c9d5448f4573036c8490c21e499848a21a459 SHA256: e630dafb607ad62db0d12c0d11be746c9934988780718dcfbc3de689f0fa86c9 SSDeep: 96:LG8MpFRVvV/gWlsbXfTJYld1Ehxn99SEbriF/b6Esx5MbKUwy6IJ3BUTv2RQdnib:e7/m1vtYCNOAWF/3HKUwSNBA2R67q |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | 2.12 MB |
MD5:
293aa77b13e80830945066109567222f
SHA1: d616de8c88ac806e2d52432829847444657549d9 SHA256: 6e442d11b051d77be7d3ff54c57b51e7247a76b2b42a5692205387caae101a53 SSDeep: 24576:yk5lZjpB2qb2OAuipt4kBZOotV2b9sS+KcMNfxQ8jrpfyoDquMnynLhbovCXbDmE:DXZmEWRptBBcYIsrMT9fyoyKUacDc |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll | 932.00 KB |
MD5:
a167681209fbb4e02565a5347db50b84
SHA1: 28ca3c3b2fcad97bcd19feb7ffcd03a789278b4e SHA256: 47cc1991dfefb3785c2273152929ec6532561365d7762efc7248ac65cd14b8ec SSDeep: 24576:nZWT82lCpfae+5ffU/EhxQrxLNRBI/te/:MlUpV/HxLNRBiM |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp | 0.41 KB |
MD5:
ee9ec229a84cb8619152c462052c0a04
SHA1: f568abde33e4bc549e34f596f2366c03de9204fb SHA256: a015b0f141419e42780d848b559c4e346c85300fd64cbbba277130c85c95f791 SSDeep: 12:w0imGNJVwb+EMItSa0ayQVDKDso4poj+1:wTe6EMvAXPpojm |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll | 744.67 KB |
MD5:
c99fc892209f93c0c92a822913976405
SHA1: 88afd282d7c78bf3bbf4c82b7c728e5a2f66909c SHA256: b045ffedd7061b56420fa0f8e4692399d0b043ad670f4f90963e7fa71cf88821 SSDeep: 12288:b+t6ra6TPCXnA3CwbFjosTL8JQbf5/bAyb0qNFYEDtFR7x/COKF5ZZGBaYaa7siX:qtMTPCX1wWsTLqQbRRdNFYEDtFR7x/C4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | 483.16 KB |
MD5:
61926edeaf59a1b2a53df036ee8faf93
SHA1: 461ae3316b08ba46f0ef5fec68b632a36e1a0a3a SHA256: 7e306b306e70815cdab9c5972f6db829622b8afac03b656ae7d066dcd627a819 SSDeep: 12288:U+xOtPn1K8yHLepn6AGoFawUCwjCJif2Un3Y:UGOJngfrexGoUNCwjM61nI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | 0.03 KB |
MD5:
9418497ff809afb3072c84d7a84408ea
SHA1: b19d728da3b4860e98794bcc470c55a6d731bb9d SHA256: 9e4ca365f628e8f8e219dd34ac124ecc9ec61e196175a650946720e54038f504 SSDeep: 3:3UMnkA79fKTn:EMkAB0n |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll | 16.67 KB |
MD5:
54b02228ddea710652a742c9074bcdc2
SHA1: f8b49b4698ea3d9375f0f9713267ec2e4869d338 SHA256: d81996fab7e92566302dec40c2e74c088f38d118362f2af4f0a4956623c9f537 SSDeep: 384:/a0jZ0SOSF3kkHhdVKpv9mPNGu3hRqrdP/7Ho:/Jsk3tHhdV89mPvRqrd7I |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gwX91CRt0Sj.mp3 | 30.27 KB |
MD5:
4ac2fdbe8cd13f11f30652eb9f253f2c
SHA1: 2fb4f787b1ef1255ba4d14a94c7a4466cae4e6e3 SHA256: 3983b78070a1edefa31b3af55de9e52911f5f2b558449059ee919f8cdc7bbbd7 SSDeep: 768:PtjKL7ogEblJLL9nN15PZqTQB9scpgqcQ1xTUF0X0LJzC5:PtjKHoTnLLR9Z52m5pxl6C5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TP9I5YPYS.bmp | 27.66 KB |
MD5:
07c291e83e6d5c83e13ebed73f77fd26
SHA1: 6d2916b66760a413ee53ced44c6b334783a2b25f SHA256: b93b5f3982eabcd69f200ea5a025986da1a75180957c90f8410ebcbd92a03161 SSDeep: 768:JR+2KlFINrIINzZ+iQl3EqbIylMMNLfQrL:z/NrIINcipqbIgMKLYrL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | 196.02 KB |
MD5:
44b642b3d4c23c8e8c4e99800c8ffbb8
SHA1: 7c53c72eb688b5cc4cf30296d11dceb9e130a190 SHA256: 4aac86f4841b0d76b333534b8e25faae2bfa6dae9cffc0d0815ccca7a21968f6 SSDeep: 384:N1aRGMr/rumfqUcwksLZHbCvG3kphQeBbEe1KVJWbjTo5:3irumyUPY3phQep1GJWs5 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll | 2.01 MB |
MD5:
753c7953956b0df3135ac85da7ee0868
SHA1: 12a7951fda2741a34e31fa64cbd787eed6bc17d0 SHA256: e4aa4083d4abd94aa8c0a858b3e0be2304a6cbe94fdce948e75abe18a3c4ad18 SSDeep: 49152:bOoalGmkqwThXih1t4jbZ9Y0FhTG4ILGh8tmz:baVBwZWt4PZ9LqGytmz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc | 9.39 KB |
MD5:
0669ce1122e959608a5e44ae88a038bf
SHA1: 125ba79ece9bc63a14292b12e6bceb36515d4389 SHA256: f387b8cfc9d150967f9a2db7b8430195ae038cbec359288705f4ee31195b464b SSDeep: 192:zvboLFe/hfQ122KVyw9s6RXMCjXWuGfFwC4JeI1goHSfoV5z:zvOFeJmkV9NfbWrfFwC4JeGyfQt |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll | 154.50 KB |
MD5:
2a6506544c7146ee8d62aa920266fb7b
SHA1: 9ad09f30571699470a1c4f1e6704255548b69ccf SHA256: 3a16026919a3001e085202cebb4fee55bd948b02386b6006cdd4e0f98579392b SSDeep: 3072:ZBWzzJUCGYTPkfn5rqtFtfUJ0Und+TFPycpPnPO+PZRAiLOA6:ZEzJiYTcf5mtfUxAt7uwZRAiLOh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | 5.08 KB |
MD5:
370b88ecf2fbaa7c6c258b25c2365e32
SHA1: 25c832180d1b157b7ffb29b96a1b911077b6d6e8 SHA256: ebf34eb4183da9cd83bba5b0ccdf610bf7d7a6b3beb72662bf99f2695a16eeb2 SSDeep: 24:UEc1azjBXP2PSlfjH6EQzibZyZfdvJHKf6:UEc1aztXOP2jaMZmFJHKf6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | 325.80 KB |
MD5:
5312ebbbb4d928dd3d29c584efc6c280
SHA1: f8ffbb17c8b990afffc44798424dc550e52bf03d SHA256: d15dec04827ac77082b32715adf53c34a5a3c8310466b3aaede2ffc30297e270 SSDeep: 6144:YZIVbfsabSCMBXhw5P4D/yWw6mosq+Xo39hAnABvHQ5wu7vpUnHJShERGNHK7U7P:YZIVbfsabSCMBXhw5P4D/yWwx3FXo39y |
|
|
| c:\users\ciihmn~1\appdata\local\temp\don.bmp | 22.88 KB |
MD5:
042e52b835aa1df696dfb4e1e83ee2f2
SHA1: ecee158a81d724cd0e82f73ca30ad07bdf7ece8d SHA256: cdcc488f69cfdc21ed3f66582e159cf1dca68b1e5c13b18bd9ba0734baa09f1f SSDeep: 24:49YMWko0XxDuLHeOWXG4OZ7DAJuLHenX3I:49YMiuERA6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Global.LNK | 1.48 KB |
MD5:
3771f4cc41c983a34fb670b6c9261de6
SHA1: 5061e75c18a21a919a19627150f55d9ac7245af7 SHA256: 6e5e62904e181c0dcbefa6ea90db12bd8dcfa83a8ceaead06d57758cb4479575 SSDeep: 24:Sv/UG071bAELSwnriFCbippvbHBvk753ROeoeW8CSlJWB9cI4rTOMeHjx1pxOrWx:SUG61bBLSwricippTRkl3Jop8Rab4r+B |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PiQQ2Af9SozQW.bmp | 8.36 KB |
MD5:
87450d13b9c68ff2f2b395a7e4eb5304
SHA1: f41c582f0f41f85fda0cdeb400f1b91f91788bea SHA256: feb2be19cda155732f11a60dee49c37db3bade36223b9a9b4cf85477b8a42935 SSDeep: 192:YWPrlHXZjpWa9eB7/MqlamOdhCeuUw3i6QiPF8ZYHYa+zO/:YWPrlHX6PxF/yhCKwNBPFkYH9+Q |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\FDO8HMeSGmQJ.mp3 | 85.77 KB |
MD5:
bdfdb90607b74894a6251b5782a795a6
SHA1: 125c4a5576ed9b489b6b4ddbb91dbbfb84fdd9dd SHA256: d2b45d74d3bdc930faeaae60d42e69fef9b574cf0047189ebb54a7ea032500f0 SSDeep: 1536:zRSmhFrM7U5Wcbr4i9vxDfme/XLKM74cc3PijpR9SP1aulkpY+YkdTxfK:3hFrqUnX4+vxDekmM7BaEpRUlmY+zPK |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pVHPwtaaDNFAoC4M.wav | 45.31 KB |
MD5:
e610c36f55e7a17750140fbac7826ec3
SHA1: 4b01b4b43302bd18e750d9f33f159af9dab33b5a SHA256: e58f0db894a82676c7dac1ece0084a5521249fe14470f8b03148f7d7c4fff18a SSDeep: 768:Ue8SjhMIGEu4pefdDUv3sRzgFxBB+JCBz+xA057ZN5ftYlxpNfV18tk58zj+DK:3dMHEXIf1UURkBB+4c51rftapNd0hzCW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk | 2.36 KB |
MD5:
47a2770655d7da175dedc780e695a594
SHA1: 3fc53b20e47654a52188845cd71b27f5e8477ed6 SHA256: f26e5d1e4f926c6a5ef9468b3aa1986d727a9647c13ee2a2971ed3abba2707b4 SSDeep: 48:JxZLzsaag3tq4mo7QmroLEs9CMscHw5UWxQ1CL5INa:bpTbdX06oQs9CM3MUMF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | 526.97 KB |
MD5:
6be7d6edf9fa6de15d7bbf34a4c66c43
SHA1: 4f656adf275c33cea354a8310c4c1453ede9e92f SHA256: 2a199fd1a813dda987c63f337e9ead3f3f515d8af41d6a66806fc7c2cdde159d SSDeep: 12288:99uysOggvu9FgA42GG5H5QTnNNC1EjmI8UAYTax:nuvL9O1jGt5aNNCg8ULax |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | 3.94 KB |
MD5:
42af2c0bac980acf05a2afa90b6a6723
SHA1: 9cb40013b0dd993f7975128246207b0d3942007b SHA256: 0a9c17f5a7962e39fd6c857e64b034c5e1b7919eadc9798a8883f11853e85ef2 SSDeep: 96:sGyYnZpArCifXfsS39i/U2Pb2AQ/7hmGEQQSwWUd:sImrh/ES39isEYDIYwWUd |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp | 0.36 KB |
MD5:
315272fe5f871d99fae349985f729699
SHA1: bf86da1bb8a6a999b3a1ef1fe9b16d9a40619596 SHA256: 629716502f0a8bfd4a49b223af469a6bb994453cd463529a8aaf76613848d9aa SSDeep: 6:VJN7cMdL0rVL6KnrbqmjrLxXn87tcp1Hzv3y152DFoA2rehDJsKNKsLtspmTK3iF:bOXX3LxXnDvC152DWn6FJr3Sv3ioS |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll | 77.19 KB |
MD5:
4bf0397e63d9c8bc7cad7ca33cf66d4c
SHA1: 94021314acf80968faf8bb1b0f73d3a990ad2d73 SHA256: 497c7dde0e2db352c2158db69b1ac054aaa78b99daaa91b85340636ece44d086 SSDeep: 1536:fODmsM/5TXg/h5HBAD+LWQ3TgrPEH8TP1GG3v+SAEMoeFtfvKPDKuEbVIqv:Yp65TXg/LHCqLh3TgrPEH8xGGf+jzo4F |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | 0.62 KB |
MD5:
0904ac42a303a85726c1dbadaa15865d
SHA1: 8b0f8f7fe6bc944ac3590df07084399594751628 SHA256: ef88bc476319ef9d586d35e3e11ee17ca127007c0b7fd337ca8c7c89b7c41c35 SSDeep: 12:+Ky4ZVc6ubvAlePuAsArmEp94FWCFNFVds/1D0kERC0tCi9cBuJDjv:FVc6WvAleGxASEpaUONF/s9lD0V9tjv |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp | 2.62 KB |
MD5:
e60c751861516ad81d8b46597ec9a001
SHA1: 9618deea1dbbfa808490ace918e655fe08780e4b SHA256: 6d7b35c69665ef1c250e0347d87dcc5a775784b0b94cfc36e2ee9911cefb41d0 SSDeep: 48:zQ6cythqYulQcLRR+RDcTqC/A+ewYAv+l8bQbR7FMTxiSwJw:BxtsYuh2Xc+uqBuxiSd |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | 866.00 KB |
MD5:
28ee974dd96829366ab78d82fde7df39
SHA1: d215505d609a5d909a224b11621f52dca05f04f6 SHA256: de5e0e5b6c783a63471b3c084e20c21ce49802731eb2635f780d98dd9f6f7700 SSDeep: 24576:nDgwEYGxuatZzsWRWZ/erJFbNQ2bFpiL5JOyLflmcR:DOoW4sQaF0L3OA7 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Jj961q86p5_E.mp3 | 1.70 KB |
MD5:
22c4cb6781c2b07f817dfb3859be2caa
SHA1: f3e716166efed02c90e0f27a7fec8066450e2907 SHA256: 0188cd1e47f0a7b0565232c665088b027c2f191f96bde4bb6981609afb3724f8 SSDeep: 48:jv6MhZsGTRfUy5YAd35YBA0EYqWM9dcmuUsbutBFHC:jv6MhisRsy5YO35YBAY5M9mr7iBc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | 336.59 KB |
MD5:
6fd94afe9e2bb4a89dc02c1cabf0a6b2
SHA1: 9d44a5613bd5341218a4e8ac2cbf58f3cc3920a5 SHA256: c53df58351314cea98d9a0a0b992f035372782ac4b2cc1e474c7bd3fa8fa5758 SSDeep: 6144:aoxL0WzLWguLcvI3Yu2XXNRzAw/Z4E4ImssYxYD3AOe7wrZRqaYLQHWmyQ7Rdvdi:aoxLtLWguLcvI3Yu2XXNRzAw/Z4E4Imy |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | 524.03 KB |
MD5:
a2d647c693f7ae4286b6b84422fdd676
SHA1: 22b18d9dd7a96044e3a1c93844336e7f4349bff2 SHA256: 77ff8037d369a7665a90c3a3da5508bb68c13e5e1caff920f773317dba39c32b SSDeep: 12288:GkkhUpb7LREwUCn7r31yrNgUg1535yc5P21QsY/zYxXeRGRqR9:G0V/REpY/31yrNgNTRP21Qr/ztI8R9 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig | 2.88 KB |
MD5:
5d2061e0709b79864a1f76b6299b185b
SHA1: 922f9efbc4e32176c95656180906f954fe889186 SHA256: ab26841e1f64ed763a14bf250fefed05624016f7a95d1de41f5daf128f77876f SSDeep: 48:3Lt8CLlK5JlZhQ07QfTUgWPMKzRHScvuH69SVkIHx6mwfT3WOn0jAaldb9O:3Lt45JlZamQfYgWUmMcvuawnHxTO3R0Y |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps | 42.27 KB |
MD5:
54c361ff6c5e7a4bdf0e9deb8b15fc96
SHA1: ee4452097cee0947c75321528b3cc7f87790a279 SHA256: 3fd98018cc5f0bfcd17d24ef8c9531ffee271efca121f4c862f1bddc27a80a95 SSDeep: 768:rg/3VBnxTNQgzrHv3Cg1LV+58HPuE6YNvCmpX7L2bJcLpIm/CVnDrVH6ax7a1:SPnvp/9LV+5k2gxObCLa953Vaax7a1 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | 84.09 KB |
MD5:
89281f309b385e583b501d4761ae98ec
SHA1: 87dce39c7cbad02e5de8bff66da1c25b893c5b2f SHA256: aa2913fc926a79d1dc6d90c2ee87423a7e99a0590dcf4abc7967b03c741019a8 SSDeep: 1536:lj0nmCAyg6W1wr/50N31TIMyHZtXUohOLzCKSFgXQVDfYJhLrQRMh:lInmHyg/W0THCgzRuLy3QRMh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk | 2.41 KB |
MD5:
a4432ab0bd8cccff53176feed9e12321
SHA1: c38092421c790b90234200255407349dd1b9aa3d SHA256: 1c1f7253ac8f24feda85e0db267588efd9e7b9f7e4ddc61f99962bc24f866160 SSDeep: 48:nAEXy7agHi087R3G6n7d4uNNcUwwwwwwwVfE0ItG0X3wwwwwwwwwwwwwwwwwEHaq:nAvPi087lniuMUwwwwwww+H3wwwwwwwY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | 5.47 KB |
MD5:
f7d2cda0fadeac347e7c4f83d80a0c8d
SHA1: ec15ddcacff4d686e390778d46c517ff8e649921 SHA256: 8ceb1ce651d4a816cb28a687b7345322d4052c7870d4d324f45ca21769d1a4d3 SSDeep: 96:m6KipQwAG58TLKvdrngzeGtiOYwM+4fS01pTA9urovhLK9RGPGcWGKF1V:fzqwAG+TLSgzP7M+LsUurMOfcWGaL |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp | 0.45 KB |
MD5:
3cea9b4abe404854a08abf14d0fdbf92
SHA1: 5747db1ad0085def86182d52835ea5885aa0fdaa SHA256: 0ab13763d9c549b26d0c978e400da0eadbec99b0fe4fb4121cb36af5c26b57f0 SSDeep: 12:2ukRVPiiH+MPYNg6VQ3iZk/IEbCiPJ2XQb6:m79HfPYNg6VQyZqXxOG6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | 245.45 KB |
MD5:
b56ee981ac1bf40bcb60ee12a8a2ba2f
SHA1: 1c3400170600532c278a1a9c033f3ba2d7c418ed SHA256: 935d92ab02acadea094d93960a0571017fd318ebcb167c9f46d05a72b79fb102 SSDeep: 6144:YLJWgmHLRJZNyV8oZZblIv6a9eMi7Mrk03O4or9DQjbf5iU:yrmHLpNyOeZblI9S9DWbf/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk | 0.02 KB |
MD5:
7e9945279a47c5b4f83a6df5205de95f
SHA1: 575dbc60ddddfaa3ceca50d5520b5f336959c232 SHA256: a6ff62c9347710473c0ab67c156fbb25827893a3e77f24b396f009b89355ad5d SSDeep: 3:Tgu:TN |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | 557.53 KB |
MD5:
860f38a1e8e32a194e9b0444d97114b5
SHA1: 51a91afb06c8c35796d390a6c9a4404583f03c87 SHA256: 57fe7de0b95895e534f9ba7a303b58b204f61d245ede803e61f368dd5bcdd760 SSDeep: 12288:74WxK2Zd9++hWcX48CCkZ9cvpJF9Yr+Kk7xpsqT4dI:EWxlZd9FVt4ShXu6fxp5EdI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gW_ 0mkl9Fl_moi.png | 55.59 KB |
MD5:
be9507720cd19bbb875d3011fb51c580
SHA1: cb8ea4510eb9a140ddfe7d81861a14638fdb45af SHA256: be0373aa25bfbf492270ff478528d5d9544cdb19888949722772bca8696c5e61 SSDeep: 1536:/1WJE9gOXVOa9ZGVEl92Kj+oezFqrJSxqw:/JXj92KaoSSJun |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav | 2.36 KB |
MD5:
e93ab29f677e22df0db53979db16bc71
SHA1: 798359722151b9799cdf7c92c2849a3d90b4c815 SHA256: a0ec59de2a48fab167d506bf98868815e681a833d83faad88d9e7c36f697f125 SSDeep: 48:eF744IwOjBosePYeYu7s3z78N7oEDfediFnxowRo/:e5nIwIBSYeYu7s38FwdicF |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll | 752.50 KB |
MD5:
2db307acd7ef6fb1733405a6a4ff5d22
SHA1: a2fd5a1d4e586c8856516a2f0219479e24334b4d SHA256: 4906ddd5a0a2948a9e4108c5f57d23c79ecb1b4b5d6050116b943da2e5ba1d0d SSDeep: 12288:IJSxVb4iyG3AX2DfZNGBahs4uT3qL7Fz38TQ7L+Bjbbnioe8lDobbbGUp2MNky:IJMyG3Amfc4S27J388fQjX13l0bbbJ |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp | 0.38 KB |
MD5:
2bb04053c2d49ab09669eacfa5c5cb60
SHA1: bb34b2e138dc0ed306254728c6f7b2ae6e43bae7 SHA256: 4921c6fb96719a43f29fb69ac6ef5b253d6498f33571eb9cbe4941da0b60e89b SSDeep: 6:MK6WEc763P0vGQ/uPsxNgHax45H9ry+OLCj0FFQHwBDJj7y0WbOP3Jlnp:H6WR+0vG4uPXH9u+OJFFWwBFjaYvp |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | 44.00 KB |
MD5:
64ec9443df74839f22ae10d7dc415ad7
SHA1: 1409d1e843ba56b997b74de317621ca17768733f SHA256: 2e532225a964ad5484012429318a0137749d69bdf0ff19ab37ad1c632a87167a SSDeep: 768:WuIxEBSYrc4gdgEvCcMmZkjzgjWuxZM5ak+yYc4nZUmzG+GAL5:W5YQcECcOgjW0R32c7l5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | 593.88 KB |
MD5:
336156df121b5a08c91b169b0c03e108
SHA1: fa2920bf7e6a63a2d46d446d7009686d442034bc SHA256: 6bc83dee27ea422278e9455480e3959d98f62bd9841763bc57850f7eeef2821a SSDeep: 12288:vAPA8AgVtKbSRI0iah1OQGXXORKgJgoy7q2UwURWE0UlEz3589DQ0Wc2:v2tAzb6I0iah1OQGXXORK4gPxUwURWfd |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer | 0.42 KB |
MD5:
381f347323c862a508a5497e6d22e313
SHA1: 2e35246f1925b3c77fe22ec092cc40860fb3a999 SHA256: 2ec792c95c409fa1c83a30968c5e5fcd06d57ce85d0c07516dd1fb84797dbc3f SSDeep: 12:ScC6Zn+TIrC+NuwYqF/AkgZh3bu1vhP2xXM7OB:XCtQC+lWf324wOB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | 5.89 KB |
MD5:
3141123c3fcd561882d7a0c515cefbdb
SHA1: 958dca3c04a3a158f31f7b3d4aba0b33549c55c1 SHA256: 97d8677923b2a93d61ad7091210b7f96404334badec0c79762a3b1d00dd90562 SSDeep: 96:QD9jw51wt2BxWLhtpIBzwtXNke+aUKKl8uFHkMI+psXQvrOGQEXQNIY/ZO0auN:C+C2Bwh3tXH+AuNkMimrfQBNVRO/uN |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK | 0.94 KB |
MD5:
922d62ddd5d5febd9c9c819a275c0e77
SHA1: ad224cb8016da2c8dfecfcc817dde634144c1a84 SHA256: c3435d84e4bed647291f8f9751352a325187ddcd411d63a941ea37f04d803a23 SSDeep: 24:4UuyqkNcMZpYRzmwBLD+MQXZQaOLFIyx3ycirih:NVOYgKwBze9Tyxj |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll | 392.09 KB |
MD5:
bb72eb87eb29d473d49cd3ec6315d8a5
SHA1: 93cee6907e04d7058ea5dae1194b30314a60c673 SHA256: c9c319c1619448996ac0fcfe3c759398c666b25d7670eab815e10be8e383ae75 SSDeep: 6144:17I5ZPGz8s7iCs4ritq1Gx65HQ/lAyzVnJuwCxs8A/D/qid7aYRtIm6Zgu2I5SO:FI/PGz8UHC0NQ/9Hu1Ab/TdBqgu2O |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp | 0.44 KB |
MD5:
3276671ff09792112c15f2d8cdc4a57a
SHA1: e661c2648d17afc8123b5b46db50d151d09e2588 SHA256: 5f5b0a111e0490862e1d6702202fc27c10fdc7948bcb6a5fd91aaa5957ca0f2f SSDeep: 12:DTTtbHssIbZ4OxZvJM0Zj27DJ1CqfDou0Fjzc1Z5YLce:LNIFxZvJMI27zDou0FjzcX4D |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | 3.61 KB |
MD5:
f10eea38550c638b899478772b48fde5
SHA1: 5cf23a237cbaaa6fd5c430fea04907ca4947d07b SHA256: 89086ae4a23317bd0421607163f002d98c9ee5f87aeefdaae906a5ace52fc919 SSDeep: 96:lbwcgc3FugTsRgq6YJkEhWesqbPmhLQVDsTLuaGT2:lbwcgcVugvq1L4ePeLID9a |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll | 94.67 KB |
MD5:
7b6dfa24b6f1ee9fb240aa5d8e198086
SHA1: 2f5de864c5e3e059f95eb11f181e3e81e342ce5a SHA256: 7edb03a316530448f418b38006664d7cd39d79a2e021a7d197da9fc8b8315272 SSDeep: 768:tbWe+m3DdDtBtpc0eysBqUqrMa13PpvPRHctc0QRoSCEDtDfuYaYoaDvksnxnrNc:tbW6k0eyJJF6c1hx8gxjPKDsV3yOyWu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | 264.31 KB |
MD5:
90332f49dc87a092a7a28281366a2baa
SHA1: 58fdb5c2a20981a14fc447de3935c56b4d5808ae SHA256: 7d7797eb36e9ab92bc16ed6bb721408cc1ea3191004d655d982ce3ae0cf3e26a SSDeep: 3072:6yesuKq6cGu26A8t9vOyYqrEFRitYOKsRSEWelkn4bVwboNmISSY7nt1:hjIv2yYqrEriKOfzlknuiqmISN7v |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll | 1.52 MB |
MD5:
d8ab0dbf3475797e659bd7097a5c1a9a
SHA1: affc07f9880501bf5f11039a57a523c87464d8d9 SHA256: 4c296167b50b809f22fbf57f8608a9a6836233216777788f5f6a6c64e220753a SSDeep: 24576:rghEvOv1Ul3sfwR847jmoz4mvqMqh3v9/rv8F3BLlcvPdaZRvmEQqUOgx:rix+lcoRBW0d6Vi3B2t1EQN3x |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk | 0.36 KB |
MD5:
03be883131b47f349ec46a8bdbde1d5d
SHA1: b81964ccddff55eac4cdb61ccacb54a6ac3a1625 SHA256: 48fdcf26748e62fbe1aa377769f24d2b2495c476f361070c58ad1d7cf5908ced SSDeep: 6:44MJenEowdjIakbOIqc3Hca97hMUfc18cPMJOHNqwPraqJyMMbKHcyHvn:44hhSeqyfCULcEAHMBoyMBv |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp | 0.58 KB |
MD5:
f6cfd7ddb7be4ab6563219356a436044
SHA1: fa9688005df602798a441e3f5842d35a7cda476e SHA256: 8c8f100042868eece3b27ee82c17213f60c960947278d41043fdf29df7ed5124 SSDeep: 12:Ii6Hb5HjB/0AXiSYf72Zz1uN1qs3j0FxUAQJDhk2CU2dyv4++Zz:2jB/t4D2ZwlT0FxUpJ63P++Zz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | 2.52 KB |
MD5:
fa8a09ed06d2b4a23c462ba3a87f192d
SHA1: fb8899a64cede5d74c0c6485e1ac6df54c900391 SHA256: a8671583ad457eeabdaf5756e8e0639e001d5068da32e06b969dec7756a51a90 SSDeep: 24:W2tHlZteEJygshoZMg/3UJ1/Bt6WyC4BeCzqyMQZ7ows0T:PHlZteEkphoZf/3UHJt6WRaeryH7bHT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | 0.22 KB |
MD5:
9124442cbdf1cb34de5c6cf731e300d3
SHA1: 252b9cd115586e6e98e3ec88e87bc52694d96274 SHA256: 64c23a793c52a241da679502d72a6faf81b6ae44730fbb559861330232864f2d SSDeep: 6:clQyPC5suLNwQ15wMUjoGCcPyaAkvtbmt0cdV6n:UQcOL11OMUjoTuyL2pn |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp | 0.39 KB |
MD5:
fbea58d035ffe88ed43fd2146f7515a2
SHA1: 6fbfa10458242729f27559c0caf4e4c55eaa2ec1 SHA256: 846a6bd0ef91d6acb167a221e68e0aa0231002bd4fa8ebff753af2d198bec331 SSDeep: 12:cMHLg9+GPbIXK6soDY3/0rcNfOBHDgtBckJgam:RU/jcKC5chOBHDHN |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | 1.04 MB |
MD5:
1cfd27557fff43864497d24eabb9f0fc
SHA1: 85c01f5ddca568a035ea286399bf363055db938a SHA256: e2fb78bdecece02fbeddbe689118d4c600dabdb728473e144380009aaae67699 SSDeep: 12288:henHMqA+gWA/nH2hVscaqD13jOrUM6CHBcDjeIETxRsYUozxV2johfX76IcN3gqi:bqA+gP/HONeUMAjexFRik+o5GIU3PVw |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | 28.50 KB |
MD5:
8fb170f5cb4cf4bb5d53a156e83358a0
SHA1: 4a264c5d3e174f8ab29825d0caf8650c8c9d1447 SHA256: 51aca29087f6bc733b8cdf6179224595c9a82e2020b262fb5e26641be64d580c SSDeep: 384:GEFUaakQ9+9i/fa940q/EYW/UWV34LFjCwV35o5ETJDuJyOf8KaiQrtyVvv:6CQq940kEYMUc3IlC635qETJDu4+aTJs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iQKMvUzGPjtGBd0lRgyy.bmp | 8.58 KB |
MD5:
e2aa8ef4d4822795b88d1720203b29a4
SHA1: f6ccb7ee6ea1900cd9d745b2a135785ec9df69ff SHA256: b6b9187b6cefdf3a67719443ea2c787903957c376bfa282abb77ac9ee8c4e89b SSDeep: 192:bIWBoGikcWHWK/UzaRyVeA0nEV0E6ursMsmZ++6M39oXOqF:/oGikzHWKlRyYA0zursi+sKvF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | 8.98 KB |
MD5:
76c7079e4513a7d94082572b308a14e1
SHA1: fb20b111147c92774eed948081600d7e4c0db46d SHA256: f03a621e4fa4cd1cf878fd813b84a448e6b42380f41a4029205244f76da771ea SSDeep: 192:hD1GtgctsmYAlcqlpwbin8ayKYxrpTtJJzFlxPBfNQ2nHQHmT:TKgclY9qlpy/aLYxrNjFFrBfIQ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | 2.34 KB |
MD5:
fd6914bc3078edfa3587631f25913421
SHA1: f79277d8f696da057054d355f88e3ffb4a656635 SHA256: 504d58846029d67c17a6ddbb8e503e86a0982a934606ccaad1aa8458b6f4578d SSDeep: 48:hClrWjes4xx5GTTFqvGZ6Evq91AhXh5zDMU7XtnaVq+7Zx9ccdJYNAyPKd:hClrtsbTZqvGZRoAhXhdDMWXhaV/HdJL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt | 85.62 KB |
MD5:
5826aa0252acd5987903d1bc27485dc1
SHA1: 866e4f2ae053bc5b5e175c751b428ab6cabb5e4c SHA256: 3b2fc0a5d532b656cd3649ebf04cdb43a0360c08943fc895a3e8695ffeab91c6 SSDeep: 1536:Vlmst67jXaXE639PCWTPQQVC3wA1Y0W/pZ0lkbYdChlZ7tKel19SBXcGAE4rsv:VlmstW+U639PBLQRFO0W/Ug8CrhYe3g5 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | 212.52 KB |
MD5:
da6ad73953a64578b6c5e57dc920afbf
SHA1: 2b81c71a33d2a8b5189314027da6b82e2ab7835c SHA256: 9b6d5659cd555ff121cdf2464fe28a06ad13531f29b780c488ec1c68682ec0c0 SSDeep: 6144:vpQFdY/5nv7moPxGkuFQmkois1cXSec1GyO17IE2Vgp:yY/5nbMsoRSaUz |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll | 299.59 KB |
MD5:
b2dc928be4a5e23b13a307c7c7e071f5
SHA1: 3b2f00feed9ca7e2ff305576357495e55567ea5f SHA256: 5a2dd600f862244058be59eaefd2369cd2b43dc7d5f345062c08a274499315b8 SSDeep: 6144:jddqyQyIKt0VwN8m16clZO5oShbyLjmGPJJTTYBhvjPP5iDuFV0:jdA9ytCVw8m16ciiTTY3EDuFV0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | 544.97 KB |
MD5:
8e9ab411b1cbde4936603a1373e98f81
SHA1: 9fe2235a7c0eb79e9a257c39c8c1b528fd129cd1 SHA256: 1d92671ca8be4b22985c4b015f9ddcd143ea7cdb092c7f35c8095233416eafe4 SSDeep: 12288:D0iUUvIwLBFUBrgur/dPUKUYiAVpRhmnsFyJuPU3kaO1v:Qi5Iyr4TlMCzmnalt |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | 16.42 KB |
MD5:
badc9d5c33d01676d732bc4692d07ebb
SHA1: eedf72829d67553d18794fb5dfee38bbc1a0df01 SHA256: 31238152e5cbd797aed8908c5ea9f7fd35a30be62a4016a022a63292f10e6ceb SSDeep: 384:Bn+90jS4mdw/HqMViGVg7Ebji8vNQ6/OP5LbCRFKizG5jUw3q9o:B+QS4J/vPVpZ1wRF/5FL |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp | 0.34 KB |
MD5:
44ee5cf7217706299c092a07fd078904
SHA1: abe5378031f5fdffbec39496adead72e2d9149a8 SHA256: 2cf0765e493251c8b3ed5d3b92fb75f0a8d059d3f114c8de54209c548367ad62 SSDeep: 6:6bcZPQyM15H72ay2Y54voMA3KA7GHd/a6KXheKGfN9mqSJJZ9awqTOyFTz47cmIy:6bsM5HyI64zA6Gi9a6YpJX9lzATzkcmh |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll | 10.00 MB |
MD5:
388bca3fe2ed79f74098c516e5f03ab5
SHA1: 6298396e5cbedfb217abaa672d9541c7d49eae55 SHA256: cb0ae550e3eb155af554a33c750e3eb1e01d499a6e07ebb3d7eae3fbdd67d581 SSDeep: 196608:tw6Kt9giXHkK45RpmqKHHwTBD8ms0I17ZFfyOBwTRNVDiz44rDIkamqBwobpXdGG:tw6Kt9giXtw5Y/FfyOOMc4rLaxw6Vdr |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\G5MbiMZSXdsj9RRuy4.m4a | 66.03 KB |
MD5:
4748faf7034c25ecc856ae7047fe1a04
SHA1: edd13c2bf67b8d3c2accf006f27d05868306a7f3 SHA256: cadbbcbb0091e7ff7ea1fb4a5c1667cd3ec52da1a86843ff1f7992e53e1b43ba SSDeep: 1536:XTEA455STMqTk16bljpKSCNhNni7p5d7d/EWG:XjWwgabljQSCnpi1D7S |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | 3.53 MB |
MD5:
003ea3fd9bdf803432b4cdcd24fc7626
SHA1: b7d1579d2089f3f8ba3a16edc0dcc20a2a4608df SHA256: dc3d42307698acd91a5be97aef9f3879d353ffb5cde2250d8af8dd6a91e33119 SSDeep: 98304:VOdMIxbMHDDWafFoEW5/VMGDtQ3Zgnqk4ALLB:VOdMwqDWwWJVMGDtQJgnL4AXB |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | 84.67 KB |
MD5:
eeccb74f827140fb005ba1c479af1755
SHA1: 16ffc6d043c72958c6ae8bfa2ae4a9168ef240ab SHA256: 6db57d2b4a394c139416b3324811c7b6460e5225f7e22fef3c4ca86d45a9f52e SSDeep: 1536:bryaLGfRPRhYuQ55f7wg1h326rFhtNVW4eEasjx6xA1t+MH:brJLGfRZhYzDfUi3Rb384KGx |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp | 0.41 KB |
MD5:
04384d3d1ea8bd30a215b5e0afb30a21
SHA1: 9690a7eab9240a56ad4b76287ce9f5e89831a89e SHA256: 0055e74f14f5ecfcca25224953b5b400ed12764cee639f51bd1dbc17ed5bd4c9 SSDeep: 12:DTT88TIhV6FLRpoTGVGTqMglPAArTYQi7GA:L8FVo9poimOl4Ar0Qi6A |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | 4.78 KB |
MD5:
e517565cc3ea73a4abbbbf7503455607
SHA1: 22de6d80501924bb7cfcf50c5f08036906fe43e4 SHA256: 3916a7e8256cf38411f293ca485c36cb70e79786a823b2bfecdabbbe76a9e550 SSDeep: 96:bxzNhbu6uxSPSmnKOiZlKJxdWebNB+0zTbIlXyl2UTg1jkONsBwtu4X:Ne6uxSPHKtlcxdWepRbIlilo4OGCk4X |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | 371.11 KB |
MD5:
0cbf7ce4b5ca876e1098aa59324c4dd2
SHA1: eecd4b1caa964f6a2c64a10b5b5242cd7cbbce74 SHA256: cf4bbe77d561ebba41ced9597174dcce0c62ad8b0f75d4d2a5f348ddeef7fcf1 SSDeep: 6144:JxrPXl7KcIuGjDx0nt2/oY6W9Kf9HqCrBvssE1Xd5:JtXlx0Wt2wY/I9KCrBUl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\fXiuXdEX.mp4 | 6.41 KB |
MD5:
1b2fcec576d5099f45503728f61c9898
SHA1: f26b7132cf34612ef1e93f40286285e575cedbf4 SHA256: ddeeb8b473f7df330733e5a3b1b38873ac6427bb90012deb2ff70f918cec8dc4 SSDeep: 192:QMXDaJibQRl2bLili0D/LaC1fkuy+LQhXq:QS6GQ3faS6+LQhXq |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll | 860.67 KB |
MD5:
a3b0055c368999fb0f182ad308e9b9d2
SHA1: d4881217fdd4436de4aef558153dda9a6b3ddfc9 SHA256: 278704b7e66ff8cac6821d65af2cf4feb37e0b9e1bd6dee6565c0e1ef7ebcaaa SSDeep: 24576:w2SRw6yNLAqQ3lQ2X7T8Z2AmPgKUeCjSRYs5N:YR7UszhXcwCj7s5N |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | 1.40 MB |
MD5:
9d67ea9f34260016e23d4c20845f1f49
SHA1: dec45e0ca366b04d6bcb3e41e6de0ac0a2e5bde7 SHA256: 1a8f1eb9f395191da53dad10cd534d0c03ce1c3200495482d972072883c3b0b7 SSDeep: 24576:RxcPNa0dnq6MJHF1zsqvD6OatW5YCrx9o7WD0V7Iozc9hLYsa9ZnG:RxcPAcqNjKeIwRrxKKCvzcks4G |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | 245.56 KB |
MD5:
d0f05992845c2aca2fde9c32687a37ea
SHA1: f8ce36fd04cfa143a6602e52d864e995b85d871a SHA256: b59493d0f88fbb5542581f39e9a5309dfe6047e22d5d4299bf73130a095b4be0 SSDeep: 6144:MK53KymHBoAa0AzVY9Z871eNvtWV9A5953jk6HH+4Vg0K:MK53KymHBoAa0AzVY9Z871eNvtz5D/ng |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | 281.50 KB |
MD5:
f288a9959a20bb535f2bc638622a2679
SHA1: 4a490e2301dbe4977d973a88c1098a8d3defc1bc SHA256: c4f4a6d18f5afaff03186dde9be1c4467b360de1b3a3518cb41af08ebb1eb24b SSDeep: 6144:vYJBHc4H3c8o3z0ccx+pOOCRZ7vDiAHcoVEBKb7wL5kmWG42owRAv1:vkHyjz0Lx+pO7RZDDim9yEwWeRA1 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll | 128.00 KB |
MD5:
aaa1c74f96d333215b5cd5ce01587957
SHA1: b5c0f1fa6b61689fafde6113a401358dfc54ef18 SHA256: 3c400917da09ed72eca855db2c308d379a2954b9a8b2fc3e779891107d8da8dd SSDeep: 3072:N1dCEwx5rCdeILFD3Z/GIOFWQ6XBHsyUEAg4eS+oQ7mQGKj2zPK:NOv5rrksWBHsNEAgUnQ7mQGMWPK |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | 953.14 KB |
MD5:
5496e7623617ae061f97652779449902
SHA1: e4e8c7881104fdd292a66b549c34dce09d60b505 SHA256: 609bd75c0b74b4e9b181a8c73f4e6a27e722ec1934d2cac66ede66f3b99c316f SSDeep: 24576:LeDmmmH85qum1kJlCrqslfV1+Beh1Ym52AN5m8po1IuL1MPq1dmIgLdSB:6Hqb1gCrqsltQBehu2zkIukodmjgB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | 2.25 MB |
MD5:
99e93f3d7c383d4c912570161e60a81f
SHA1: 8e83f1dca4fce756e4aa1aea77edcb09ef3a9286 SHA256: 31934eb471eff00411176507d59f118da22bb427a912015fa0967536cebfdd26 SSDeep: 49152:Hy12fmPMZM/hBJ7aid0yRdeEhTbX5DSRCVTLqZcuyDH3M7WlBSRQoRjpaCihKf:LBZM/hGid0In55bDXiSSRTRuU |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp | 0.56 KB |
MD5:
014f151f5fc0a95cc3e922be4963b28c
SHA1: 5d61c7f00bc85929422a6f76958cc4c2b6257f34 SHA256: 8709c2cd84ce36621a3c0855ebcec84affaa4cba8148df7cb5c1148caf1a0039 SSDeep: 12:P0DnVzoKW7tcK57cvCuF6duPb5HFqgeMfpcxtrpNtzthnfEYPI:AM7tYvlqVRx9pzzjfEYg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Project 2016.lnk | 2.12 KB |
MD5:
c94d5456cec9d22b53d192a13644ca7f
SHA1: 55381f46f92fb97cee41a47769641c9deaa82a7d SHA256: 3699b9d9fd026f0c94d7ed79aa55a76f2ea2abf21d22b1faa98d16af3b1571b7 SSDeep: 48:UDDD4R99u6YrY0I1XQkKxqYT0YO/yhyKnlIWpz3Yn5SWdv4:UfERHu6YrqQkKx1O65lIfh4 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini | 1.69 KB |
MD5:
aaa3212cfc8876b869af0a424278326a
SHA1: 43f0cb99cb923f8d7808565f0e17ba4e6b037c8b SHA256: 065dc6dc3b035380d1fbbcc5c72893af706e3b9d21e7ad532fc2826ed91e93a2 SSDeep: 48:U4MOOPlRewSgqKHXSyIwoUvjaRkUSRKzvICJL4:sewTlB/oUa5SRKjIOL4 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | 457.23 KB |
MD5:
7d4cff099ecd0bfbe05d3beb7e04ab13
SHA1: ca20ae86a00230783b58231c3f82fba1bb470b8a SHA256: 2fa7381d5d62971242806ff314ed0f938d4da43559de528b03dc6d4b0ac32cc7 SSDeep: 12288:pyms6JEWU+j8JC7kJPC0Ek1fBKmgcASQVYl49acsmaOMOekft5DI2dD4xEC/QTvt:pyno6C7kJPC0Ek1fBKmgYQVYl4EXmaOB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | 0.17 KB |
MD5:
f757884478b705aa8832e547cb052951
SHA1: 13461a6b785ac64fe725339ff7c4721ba90637e2 SHA256: 8477236e23e880ef4fea7e104320614057252d7aa62990407a2081c5c1bbe91d SSDeep: 3:jyvYHmALbJ1iHOhhNOQadXvPlaHp5e6+Nqu1hgApGkcewXhcM5wGcdF9tJ2Sl:j2YXLg4bOQapdG5+wKxtJ2Sl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | 11.12 KB |
MD5:
e3cd6cbafac3629795b4f7d891176d52
SHA1: d5ebb5535c42b0a12bee68255526df1f30dac6bb SHA256: d219f23b0419945a511c2bbeb1732bfaebc02c1d3296c37e473f4e98afa66eea SSDeep: 192:Owm6NwGmNPzU/HLYL511BrRRbE/B47+1DXa9+dOmAXvHn81uSfFEn:OwTw/7qYP1pR8LDc+4man8Zqn |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll | 315.61 KB |
MD5:
65aa01fa9654916252196ed62d4a315d
SHA1: 5f5f0ccd8d98cbb5544e9716d7c430eeafff0e14 SHA256: 9b26b4c6561f12bff17cc07c6cde6eb964751ffd09e253c65a8988bd4c3af77e SSDeep: 6144:rOr26kS7yL9N9vJdGKSWjOoRjGJCYWCwYTe4D2INzSmGKgjD7:EF8rMW35GJCYVdfrNzIKED7 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk | 1.22 KB |
MD5:
59b4885f9c9828747c6274131aeed190
SHA1: 7ff8d6bc2bd9e6de7038e52cc738f8ac97432b4f SHA256: 522d056bb487cfaef01cb6c93a37a4a15f810c04d5e363eefa1ae7d38cbbfb78 SSDeep: 24:7bo4LORKQlTjnqwIjKY0d4SuPvoM4Ma+XxaSNgk+8SBPu4438J1qRQRa:Htm9ruxo4rX8j+Xxa2NgVoxKo |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | 892.86 KB |
MD5:
6672e6e1f7b80c8765889a9ebd6ea67e
SHA1: 0e0f1512c92f4c8774b23f5c70bf55ed13ab9f5e SHA256: b47d04da46e27826824624d0850aa867a3246b727c0f793399e4e2575e4c5b35 SSDeep: 24576:8ralhhjajnT3iPq9HxuJAU7pjPjQ8Q6eDM2:llhhWfxyJbQ6e1 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak | 0.02 KB |
MD5:
6e52ffe9f6a68dd720aab4db0c4b20d2
SHA1: a25c8c024b3b2a62c73855f137ae0260ca65de13 SHA256: 84a2a7432e7271969d958b8961d9e988e1726fa10ef98cff7c6c4e90ed0e5bce SSDeep: 3:JfMan:Jj |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll | 754.14 KB |
MD5:
6c88f2082ff0517834cd0feb64610f4d
SHA1: 1547bb3513adb4aae4195c1c45d2e6b5997f04cf SHA256: 3cb9ccc6ae323a39e9bb0d7c43a9a986d6a56dcb7f57b1ec2ce9e64f1796f243 SSDeep: 12288:PDr11NSOdW5G0yqtDsuJ/VHBsFmdigyqNI8EVXW0aAqIXcDpLnH9Yqru6In:311NSOduLsFwigyKlE3aAO9jH9/An |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll | 574.17 KB |
MD5:
d84fef1cf65207fc53c33e0f7eb81ad2
SHA1: feaa8009d75aa2dc0fa021ade89eadd75e91ed43 SHA256: 95143d31fdb0f324b837eaeb14e4cee20e7f767c969e14a813dbc916f4631913 SSDeep: 12288:q1kKeCl70XPDgld9Tfc6S/yvje1U22GeL757OxZancnEjJW0NPxePi:q1kC7qPDmTfzqa2LeZOx4RNP0q |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | 1.21 MB |
MD5:
45d1930d1dced2bbe028c0353bcc09dd
SHA1: 1f2f7852dca41aec677a03a6c3a7960b4ff0f320 SHA256: 7963a979520a4df9385fc81f232dd662467946ad207da90a24dc61130f300373 SSDeep: 24576:kp4a9Ss1TqS2THjJ3HD+oln5mmVZ2R8HVTmFmZ7SUmgoPJq7AlHkvkHyfj6/rkx5:kp4apQpTdUwcU2PJq7AlHkvkfrA |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll | 1.41 MB |
MD5:
c8bf156efeda42257651e85972817203
SHA1: acce5b8bcee66ce38218ed99102e650d20d1f931 SHA256: 375f189b932cb09df8d3b01df21ac79d06a98308b7257166da9f3b811b83b57e SSDeep: 24576:oK9iTx7exw3hyMwDs0xIPk7f7Xof9xKQ5o68VwNKnoST+YNlVetH:t9661IMzGJ54hpI |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | 16.25 KB |
MD5:
d7c2beeff69097a439494a278976212e
SHA1: 9c88171e86f94b48538c6147243cafdb863cf5b5 SHA256: 7661b2cd3dc18c1e4a0ef75b0e9a690601f9ea9450ecbab15883c1d9102e5e65 SSDeep: 384:iVG/UGJHGcr59F+8Ejhs1To0fFLTXmWhC7QPuCgo9loy:iVkUa59FHEjhsm0ftD1Xoy |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll | 429.00 KB |
MD5:
650f6c02209a11407e6ea9903eb45838
SHA1: 1c4bd3cd4ce08d5720168a7a84d084f1c717d1c1 SHA256: 2b46888c1335ae0008afb91ffefadea636c9b753c0147b3d500678d3c1b02014 SSDeep: 12288:d5x2EAyvm+RSoUOO8idyvzd8ZRlVs9g0Smi1IgKCsEViu3:bxVbmqXkbdSzd8Zag0SWgfiu3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | 720.78 KB |
MD5:
452159bb04744bf80954c1ab1c3ae9fd
SHA1: 6e67f8e08cfd4aaeffa07bbe42f94bd4db071606 SHA256: a5dbf205a879fda878c34293b9ba0ded0d1820e2e35538cd2b834a0f5adb5722 SSDeep: 12288:LRhZESUkalvrikWjTD22QUATVM92zY/6BhckbnXDyj4XFqrC2DZwL:LRhIN2fjTC2QrLjPnTyj4XFqrC2DZwL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav | 42.23 KB |
MD5:
2af6373ed6d68dbe31ce05116e7146e2
SHA1: 15c9410fbed006739e2b2d87378813b2c3ed90eb SHA256: df9f00b4df92e0608310d359ee8690ea6591f6277effa3a264852fd40847cca9 SSDeep: 768:VChygAf9ucE8o7TedPs0dWzobtPxbdOHAZIVTUEaqB1HGvQJNpVgtMX+:shFAFlEF8E6YetPdgHxrjBRGajGtm+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk | 1.25 KB |
MD5:
d797924da662b06d8903193ec8cab61a
SHA1: cba575adf1676b16a3a464d1be5a4953520e1660 SHA256: 22b6166466da9c537cbb41478d14c5e4af93aa473ab606d363529cab57782ac6 SSDeep: 24:9DZJOXQuCfwp7J8cPp1+h3+n26goMtM6XuN4QkSpp1IsThUV88:ZTTu/7J8cPpshcot3XuGBU1IyMj |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | 759.42 KB |
MD5:
38170b30497b09c9a46a61d9117b378d
SHA1: 7f07d3c10d19c3e3221613374d6d77481faf40fe SHA256: 638f8986e58c9ae1b94db2dbad41589a166b76b701a81f80e1d75d5aca169200 SSDeep: 12288:LoTa/OTJHmmjrnnRQgeZIK6ljtAGLlkVmYAiZvAAuZC/Fb/cB+sTag6KlMkIWHw5:M+MmlZADktuBJug6KlmK2SGDDiDrPX2 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp | 0.69 KB |
MD5:
7095d8e7b00dd0f5d10f6ca589576cad
SHA1: 3c724f03267d1fc9b7eda5ab659de55298a39a3a SHA256: 5c2dabf35d1d6ea4c116252bd87aec0967e0118e4eb365259dae17622e908ab0 SSDeep: 12:yYvyI9ZtaVQlQPSRPSsOt9Qh5HFCEIedoAQkYET3VeDeR2ZCA6JVrZg/fhZHMi+T:yYPTtiQlQWPSs/nlNIgoAQhOFgevAC+Q |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der | 1.08 KB |
MD5:
3cadaa959ad510481fad91392046544f
SHA1: 09ce7bcc9cec210a5205e16385e56c5b95cb4a72 SHA256: cf5cd7f1309938106e640df470bf3ba9c948348928d85865f8594d3ba79f10e7 SSDeep: 24:2ccCoIMUvkIeYnjLMEShM0m1+xeZZ92t0IIEWhAJ9:WZkkIzjQESS0I+/tUEWW/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi | 59.72 KB |
MD5:
7b718d45d5f90a8bfdc54048cde25a6b
SHA1: ace7cf191ebe7f1e4032dd31f48ba4b3d805fd7b SHA256: 1df9f91b8a00d2ddcf6b28b9e73349514d0753abaa71b4af8f852aded2469c0a SSDeep: 1536:nSYVFSR+bdEGYYh7SDNDB5FCTq91RobdH6ygxmJH3Pqn:nSYVIIndiRbvobdH5DU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kPvJOo_e0v2YY.bmp | 72.81 KB |
MD5:
7ede9de4512214abf6333f9c0d40d858
SHA1: d3dca04e3861803596d9bed25d0ef31f7b78b06b SHA256: 99fe1dcc19c00678f6cb12081178b6df19ffe334768f42510face742ec65dea5 SSDeep: 1536:yBv5Wz3FpxTZoPwaiWwOAFrMPO3vgGNFe3ttB7AeegmsRj7TYbW:yBv54p7ooaihOAxCOLFeNzegnRkbW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Database1.LNK | 1.09 KB |
MD5:
8ad0777557144b9085b66b04441bb5db
SHA1: cdd387834c3fead2fc4459631410463afaba8d6c SHA256: 54840e71747c3b83a4bf4434fbbc34ace1f0d9bc9ef197283f8cf78f5b4d56dc SSDeep: 24:rbQdVXzLVbAvC2uSzNIZ9CnP/HMy870stinNmK5WL:oH5b32u9CnXMn70SRg8 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll | 315.59 KB |
MD5:
b427ae00a0f51df88aa50684dcca9e91
SHA1: 7c7028b13ddb268a50b820b2b5b6b9292119179a SHA256: 04f62cc72e9bc7ac9383e4db9ddef4e3644e4ab1c4b06444f0b81453f474d30f SSDeep: 6144:mktDl8C0MGMpAd4psmK8MXCVk8+SExHCLBTR+VL:m4Z8C+cs9DCVkdPxH2/+VL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif | 12.27 KB |
MD5:
e35d53a4a73bfeb1d7d1c76187c1f778
SHA1: 4f313d4e6b263f8c5f6278dad56b70c3e6005f77 SHA256: 2c119c6c33c4bf3273bf1823b3a049174effa9b8e33d157d2e31c49af5a33f7c SSDeep: 384:Juxh2YGiAQu6ny3DrM4dfXquAG2p45qkyAe:AlEHdfPAG2plR |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll | 265.69 KB |
MD5:
746499bbb7d0edeed9243072fc2f7d22
SHA1: d85a29dadbb0f1ff4d69edbe552f3052e3e419b9 SHA256: a7b4c232176ef2e167c4eee9d6f80b50cdbe8823efdaee6c6fcabae347ec0fff SSDeep: 6144:Y6yeYMkO8AdML0qwD0G5IblSbjDxk4nKB2T+H757WywQca:Y6ye3kO8ASL0q40G6wHDxr82T+b5Cq5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | 107.38 KB |
MD5:
7d874127ff9bb81f8eb51fbafa618d60
SHA1: a0216718191c6de931fc83596c33bb1a613f1ac9 SHA256: 4e1b5a261d841b4478ae6e62808f99aaaba663f281261c6395b39a429c3904fb SSDeep: 3072:P9tyW0HvrwNxDB6BUZ+Qr4etNRP7mEsDC3i:QTixhlRPyrW3i |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp | 0.38 KB |
MD5:
a176b027bea246597e516501568a7ea5
SHA1: 61e8e316d1fa7f37481b96fc0b5c3809eb44829a SHA256: e647aae921cf2a422317170376e5fa2abe5292b78a89c7ba037e00f252d947d5 SSDeep: 6:wpknpX8UAbDYrE0P2Oa91yaKBpYOGVfnQYnvpjhc7gJENW5H4/Ry+vjHChag7L4w:wpknpX8FbDYrvOf1yaKBi/fnppQvWwyf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZMyqqk.avi | 60.94 KB |
MD5:
02836bac6d8b21065e3a98beafaa74b7
SHA1: 75d513ee43d5baee298e7a6e932f29de5e87fcb5 SHA256: 8c172b13ebe9f9c72930cb1d00c1e570afb167daa892c7e6f1e2cec37c3183bf SSDeep: 1536:fX8smcNrlUcnmN2tt92w+xO36D51658HXseoCaSChe6WQ4bOK:PJlmOcxGr58HXse9XIPK |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak | 0.02 KB |
MD5:
68ca1476d52156976df5de9adbd84991
SHA1: 15c23bcac1e20667eb09fe22fb61918719d1c71a SHA256: ccd5d6972666202b16b28064da79730fd5cf15a413f0589e9656110a9a653e96 SSDeep: 3:Qlicn:Qdn |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | 548.95 KB |
MD5:
8f05b82944a8cdf41ae7d0a18d88086e
SHA1: 50e96c01974e88d2cabb01aba5d13ee1277c1052 SHA256: b31d1f8027dadea1670c528b694eeae9cb3cb53d32d2b355be2dc0bd5d23ba8e SSDeep: 12288:11pO1w6CvH3CmnTnheo1eDMRYuGBXs50lOWKGwCHE6wqipjm8:F6CvSmnDPeLuAKCjRE9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | 1.57 MB |
MD5:
d7ea62c4720aad994a32a55e973bb568
SHA1: 311665af31b0464d705b7830276e96b40364cede SHA256: e0a1a514cfa9eb4813d39329183ef55ac52f20bcce1941524219d2cc52a01aca SSDeep: 24576:VPMpYTwfAKFiwi1xGoTxaVXIAl51r/z+1fDaCa+l/6hATxaLDVcYn1iTVcYc:ZMpWwnmgoTYaAh8fg2TYLRcLBc3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | 2.79 MB |
MD5:
f33c6e53fd540a99b14c06db5203e4c5
SHA1: 50213abb9f50cb048a29cd2db066f1237d371b93 SHA256: f8d44be43b20a95b3876db26becca362e3ba76dc9548dee23d32b15ceeb03c3f SSDeep: 49152:61Dgoc4v3eCE5mKuzRvD6tY3BHaki0DvSbJ4E4cOQNLPEDgSlVuv0vgI8AYylkNF:WgF4v3bE5mKudvSKHVFDvsp9EDfPQ0vw |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll | 316.50 KB |
MD5:
8e87f7b0d0595129e658214090197419
SHA1: 9bfd676bce3c6fbf1ca62488a61284d15563aeed SHA256: 90b63dba61579a008feda847242afea4f6341b8157f6192132fa57188f4f7bf9 SSDeep: 6144:JKJXXGr17m+RSPd5Bym/YWAYzFsgh0pr9LkCFe0BniG+UjZ0u0:fzUd5BtFsghwVBFect0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | 0.42 KB |
MD5:
17409355f246f72652f6df8930b41438
SHA1: 6f507f53a6b30236fc14b9c9b17cbb7ccb9215e8 SHA256: 5a09a523d3f6183bef6fa9dbc7269b42259df446ec321b0885d652e6d6796f42 SSDeep: 12:wPk7i/wBzd6qNFYQ9IQan+F1gCC6hgsUfdutZ:wPUBBzr91vFwsUfstZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | 250.36 KB |
MD5:
51ff6ee0cecda819cd947cbd0ab892f5
SHA1: aaad85a05828139ab5385b7e3b4977955ad5d76b SHA256: d8fffcb20d4c1d4ccfb6042f960e97068bcbc06996bb4a6454ad42f35e135b8e SSDeep: 6144:PFrfQx3GdXM/B20u7BOJjcsaq9rnnSQ+FRAVM+V+3m0u9KFZNDwdwaeUhsTDcc2p:PFDQx3GFM/B20u7BOJjcsaq9rnnSQ+FC |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | 18.42 KB |
MD5:
aa1cbd87d2381e37ac1b8a758d5574db
SHA1: 6be236e3c4ee07f4cef74e6dfc3ce28fc488db32 SHA256: e411a3ee526612b6ef6d6a005a8ae3c8406cdaf63565e47914f3681918708853 SSDeep: 384:dsF3W1Z5SQHzydJikrFb1Jd0OGni00VsW8KW1BT:dsF3wrSQHWdQCPm0eBF1BT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk | 2.31 KB |
MD5:
c767ea027ab3de8d9c146a0ae397069a
SHA1: 1e9163a88c2227d50943821a8a73847c6be788a1 SHA256: f25ea53e21149f50fb4bab8a9b424e7205555a451282496ef733c99676037485 SSDeep: 48:CShGKPQgW7Py/zjbvQYkhlUmLblgib3yOVyzkm7KLKLMuez0:rhRSKjjUUcNezMLKLMC |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | 2.12 MB |
MD5:
e09fc0562b29dcff1afcadc0b7acd027
SHA1: a7fdc996799ffe32f91fb3482c9be71cac792bb7 SHA256: 270101b6f660f95c6eb712ec1159deb0ef1049a7a5a7fa649a54296ac7a67760 SSDeep: 49152:whUSZrBXpeMVwNNOKLZpFrIgh5bxRN16NuCO:wP7XVwlvMgNRGU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | 3.44 MB |
MD5:
54e03dd53d441556e4e3e82cd300e73f
SHA1: 077f472a274f018dac7767c949c3d25910271385 SHA256: e2fcb8abad0976be36c50851c579e2615e6cae4541ea7b772a450154233ee4de SSDeep: 98304:cb64+Yvwdg3NNc+clGlICQq6NYQttQet/6UBuKKyw0gfjSKOtCD:w6cvwydDlICQq6Nrie4+Kyw0eSXg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | 124.02 KB |
MD5:
cbe757fbc06ec4b30100ff85ca43d767
SHA1: 232595a50d81b97151f7717386dc9a3517e70201 SHA256: 348d9b889ed0254190b7c97974b817a9049cb3f9438fd523e38e4d12125726d7 SSDeep: 3072:09kg68Ftr7a8eFTkG62lofPkJKSRQMndX42glD:sXtKvZ62Sfi1ndX41D |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp | 0.30 KB |
MD5:
4129b6289f659fdaeb4a7c9d0dc60c5c
SHA1: 8b3f53dfaa1a22a8fb6bdc04bb99ea2c762998ef SHA256: 3d6e3c59ca7e631010ed93ecfc5fce31cebb58a44931c0995aa7308356e8c787 SSDeep: 6:wtSmz5aZFo/DYkoeHnpFxerT+h/KHkVjl4VTHR7lDHZn:wtSi4UHnpFxGC4kpCVbRhD5 |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll | 492.52 KB |
MD5:
eee8f68dab22aa25d7b6700c13c7c355
SHA1: 83cdf51b3d37a788b63a0699f831361979bb1845 SHA256: 355870b7853a4017fcf697fd386d6a740197cedca5a4f9ec1457f5c9d89576f8 SSDeep: 12288:N7ma7F97IBgNq1Di7IgafEBdW0qC7gcky5E+:N7rF97CgY1Dj860Yy5E+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | 287.62 KB |
MD5:
42184fadbf0e6d8c1ee7e96d7145cbd4
SHA1: a5e3b782dcc5511c6de63fe6295c15191c1562d2 SHA256: 287895ad5b9dd67fb14825011159faecb993d34113a3ac7072b6b0540aa33d8a SSDeep: 3072:/Yeaz2G6HPPNfgHedP5fVchpud4uqcHE8h4Mmbu:AiPlY+dBfgpIsgEA4MmS |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll | 2.79 MB |
MD5:
cda5043250ddd04196e6fa859071a7b8
SHA1: 9d6ac509ae6fb6b229d771a1bb80696526363c7d SHA256: 9026d6f178b42fc52c896acd043e37e4a8316734b14ac1267d69b1b0c87923f7 SSDeep: 49152:4PH04CogmdH8tM5SNPutYlGu5CLXwRceRwbdtdUStqK3gcSfeSp:OH0tM52jGdLfeGtdzoK3PSfeSp |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | 135.50 KB |
MD5:
444cba8149ff2ff06b3c79cc9787206e
SHA1: f7718248299ddda81ca037a7d5d9b3d37d273c75 SHA256: 2254ce2596fa3accd1a80bf052880da94ec1fd11bc411f463cc7edebe43b2898 SSDeep: 3072:59Okq1ox1dvUHpiQnBaQFvfnPQKqpJmsCWrTRZXsbMr4pXZqz:bM0hDkBbPCpJms9l4LM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | 2.94 MB |
MD5:
2995a990cf2a24aec861e3d944c6287b
SHA1: b0b9851cb29cd5dc6bff560dc4ec384bf6aab639 SHA256: 2d2b68bb48a721b9309d3c5b388b5cfed6ccc081623e62b45db528ce7d0514f0 SSDeep: 49152:JkPw53/zT5gjvSVY4u6AOd9Cssb1beHBN9GIASm+Sq52WysHKR3QoucgHDha4APb:H7T0SVECdkssmAB+2Q8Q9njU4AHkgWTY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | 1.67 MB |
MD5:
89ea1cd11e3897cdf61b4618b7b0ef60
SHA1: 7f2078fc5b29d24c5ac38253018a72c9f49f87f3 SHA256: f297a6a67759602ccf55749dbbc86a55e745089c085089cc7f8cb38820d7e1b0 SSDeep: 49152:RrywQz8PrmB7/AcYpxhLw52I0kLL5sLCdmiy:P487FLwszYL59dmX |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll | 10.00 MB |
MD5:
e7def8ba21c0b23497a699244672cfdf
SHA1: ef745f54fdf6b677f546ee9b2a39c1a87e6cb281 SHA256: 789c5b9e11b635005df63431b99d7a16735e03de29154e02958e9898aa035ba8 SSDeep: 196608:EjZdBG1As9HRUurF8XZmcsGQj5ne0zr9w6BWSytJ0qndii3Ugsnj5z:EjZ3G1AeRp6ZmGKBdpsl3AiEgsj5z |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp | 0.41 KB |
MD5:
05e8ea3799a025c84278f82b56b29626
SHA1: df301958bf3c2c684fd96b4ca39404497738072f SHA256: 03648aeb67d9c0f5c07e0b41707362fe9b2c2217cd43dc6734b0e8328943e644 SSDeep: 12:CCNdmFVtkDcpsp9uUxuwpE8vzT8xu3Gu9notvMxjO:BCXODqsruyEDxnumtExy |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak | 0.02 KB |
MD5:
2856130aa64b0c533050f9cb87e96861
SHA1: b66605951a2d3c55b53f08fb44470c9ce865948f SHA256: 97e960fd193bb46f0925070c85169f92df96b2a6e064f549a14f345f4311385e SSDeep: 3:amqGa5POY:tqN5Pl |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll | 213.52 KB |
MD5:
0f1f72f58771b94072b3070eb2b55765
SHA1: dafe2abe35699586439f611e734cdc244fc68abd SHA256: daa897a686da145db3dd5fbda9fc26a0f7052170594c8145e5f64b9f1c2c159b SSDeep: 3072:t92+xMKlRxIUmniRNh0k+p07exRg5/J2F6VZY8L3f0Mc3kpQg0MVi/4Y:HlxMKzxINKN2tRglPVRfDP0YY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | 10.64 KB |
MD5:
805bb18a56c1e912ccffda177733bc2d
SHA1: 095c5f5e78d86226f692c3002bf41b1af7374607 SHA256: a2d942dedc07c907d5f3d300beb0b4bd0f111f26342dae555e0c61d912022a8a SSDeep: 192:zRJ0oa1Oq9izBJ0L9cs7stvuWUpfFoG765l6YQPHW/eCwDCOuBQatqHZegmjTfE2:dJva1Oh0LRstvuWe6lRUHqeZWlBQamFs |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll | 116.50 KB |
MD5:
ab2ee7d6b630c0a4507b38249cb1dd5f
SHA1: 67f550e7c59a876c5ed53b02c132e30c2171eb27 SHA256: f998a4726a10d4002b19f43aa3a97d54aa0204583111d0b9ea3505e64870a876 SSDeep: 3072:lIouD6O4zMLRhKh3EQqebxMfS2isUJuAKxJ/Uc/JqIQsXgzf1WpOvx:lI1LLRhcqebifSlJu75gsAYpOvx |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp | 3.64 KB |
MD5:
0761660b1a5169a6da0ef7a5bed656fd
SHA1: 2b8748ca7cdecc0d93444cdd137d41678f9eeb78 SHA256: 14ca403915680ee868b364655bdd739665dc467bd709e0afab066eed35484dab SSDeep: 48:KqUuqMxrfDPKLiOU8hpXI4QfCljeZAFM+aPDZbjRzK3WhgTg7gFDwY4bUeMy:zFBPGNRtjalHR+lTW7DHz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | 278.14 KB |
MD5:
50e84ac8747cd1515f0cb2b316c0f835
SHA1: c61385e7b90c576781bb94b3d0da8cf8ccb18145 SHA256: 16a25568bdcbd9f200eca4cc1ba0af98d68e718a21164f4dd749de0419bbb563 SSDeep: 3072:TwPnYBDcybhb9WTfB9CsomhW1IyT6PwRoZjYJ58nWU6NcvIgN8tgkbiuYk2csHYy:TwPnkq5Ws6OIA8BiKw+WaH+12pW |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll | 610.50 KB |
MD5:
afec3f2958ff5b4b98371118e96c06e4
SHA1: 235f5b4cce16ffb7717b2378af1b9709ab45d0ae SHA256: d6dbe3337b92ab30c438be2a54ce97b9f672b681ede51cef95f52f664b36a3cf SSDeep: 12288:uSReN4OBaglucPTaC6gZrt1xLgYvQN/bjLddrsyAwJFX+y+e:fRgz9/Nt1xLdHIJ0y/ |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | 182.47 KB |
MD5:
113c58e635e93da58302959ea87a64e1
SHA1: 19ce75c08a4c6e2a8233eac69b9076d32f59b5d5 SHA256: 63bb9bc14d574b2fb2e25c2b14b83e5b593166a7513e582c9c836f679e2bb931 SSDeep: 3072:/3jmO1dANbLKVXJXO9knComYH9hOB2HsBpcvC4DiBoYd5WwYbAL16nXWSA:/jmOwNbLOZXO9knComYdhOB7MvCM2o+j |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | 510.80 KB |
MD5:
f5cb86e5ffac9d53ecbd9af37711d9f2
SHA1: 06feb2498a6c6f04cff4cf5d0c7a14f65220ac7e SHA256: 50b490d3eb15458298f2f8a167f4f8ddfc2aa765bd74add9521302be15f6ef5f SSDeep: 12288:Z3H1CiMRspao9ZvtztlFVEJahSzJ4nRoCLohkY0bh:Z3H1iWaovvLl+J4nTLMebh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk | 2.38 KB |
MD5:
16846e15e56eac1c3986f114c1a67263
SHA1: abe811d20294646d0d2dde55c770c662bee9335a SHA256: 904f88cd14cfd8d5ec54948ad53f6ee510c77dd86d1144adfd2186ccb266f97d SSDeep: 48:PUbR0kPry1cBiFSJfK3st9YnuxPOjKJyhWflPTh2NdEawaK3vHC7f:PU1rrizFYy6yuxwKJyhadh23E1/Hw |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | 52.59 KB |
MD5:
eb079905aa3cabd00612d358e7b27bec
SHA1: 18444205588d3c2b925ecd5c35b79ea732971d46 SHA256: cc13f323b37b68b1924bde3a3db1345425ecc25b8b9ad74476dd846d4c2d52dd SSDeep: 768:nG8YkqZ7qk93W/7n1YMnPsHxCQqLLqEh/Z3ptZhALojSRW5H1HWi924jR5o:nqZ7qsGTnLPwdqLLXh/ZnAGSM5VHWiP+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv | 83.91 KB |
MD5:
8e5dae4473a91a33429c8987dd8be2eb
SHA1: 1154386b7e3de9df5605344ece47983781e674c1 SHA256: 9aefd4d054bff6cf4c8fc1ba8e66d74cdbbdd27c5573250dcdc400779c2394d1 SSDeep: 1536:EdocgNN32h9SIYAYHmUz4jsDxGx0ntweBolpfDoBIe848EdQdRDSOjq9p:iopNN32zYAYHmUsjsDwx0ntweifDMI3e |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | 36.86 KB |
MD5:
e4c5be05972ff2c2ba2cf75aecd80ab3
SHA1: 87238cf85451253cf800437aefda8eca5680bc1b SHA256: e8107f62cfdb52bb4eef4d3472f67693a2ccbf460b918aa0d9ef1a07e804c1b6 SSDeep: 768:BwkuREBwvHAUnMbFvCNkXy+RQ4yiGiMTgLIAzY/Q/mqxbC:BwkuREOAUMxvmkXy4539MTgLf0oNM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | 1.39 MB |
MD5:
cf93042e6ecf33c07b1bfc117b3ceb2f
SHA1: 181f505cb0af652c6241041125534075d871923c SHA256: 309f06a4cbf207c95726d4c5f327f1528413124329b72cbb575d7866aa27629f SSDeep: 24576:8lBtDKcmeFadgnhm68Gr0KAA+ce98QyPsJn0dR0tL5ODRPxW58QeIq0gHLqiWC/m:IKlJCgTXKAL98/UBO7DNxPQe0gH56 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK | 1.17 KB |
MD5:
d25a0f110946dbc6b6c1a27aefffeaa4
SHA1: 18c35f9f32bf7e850743aadab55bba1fff684050 SHA256: b93deb08b7b6fd8c8d2ad435a816b79fb4592a395daf156fdd4fdfede6ac2a9f SSDeep: 24:MJ8oWYJuxxD6U63Zo6Q9Xx2TNk5SgcUQMdAL2f7W6N1bE0qgDFykn:Q8olJODB6J7Q9UjpUjdAL6Sy1pDZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk | 0.33 KB |
MD5:
e1e7d0ad6d96961bd13e893c7ecc395b
SHA1: a2198fc42d8b0138da8fc2c89fa1742a0f5f4b09 SHA256: f83046036d2888faf8c6a6651d69f08c16c3f2e52a36b766a3d87bfe43ce3595 SSDeep: 6:7LxE4ulHpFD5/XDGogUn338MJKv/RVXuDy/bPFJPJits0sb57n3hCOXIRQn:7LK4K3hyLU338IKXRFQkbP4tsd73EO42 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q0Lfg4X0PkE9ZS3se1w.wav | 74.53 KB |
MD5:
47a2c6a0b27ce999678c457af3e09135
SHA1: d5321101e7c12b17be26a2836966df8d8ecac295 SHA256: 7c3399be3d219b36bef55dc9d578ac3b26503486d0a0800b476caaac3fef300a SSDeep: 1536:Ma60/H0x9LycL5dl2IESN3zCyCTx+3pQRSRlPZufo1ClpF:/6zdI0dzCLAkKNCF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vRIJHQaZ.mp3 | 59.50 KB |
MD5:
e996b34d59b2d2beb78651dd66ee2cd8
SHA1: e06dc04443ef0f6d78a0592fb3b69b62c0b3bd11 SHA256: b7b14ab4d2a15531031c90ac700ff98eb679dc4b30e5dbf3b9db5f9e3c2faf21 SSDeep: 1536:LXtxV5jpwnzz2O7vlpdXlqhqKfU1rNK8DZEMP/GTV1eUh:L7VLezzH7vYsLK8FE8/kr3h |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | 1.96 MB |
MD5:
326f1936edca5f202f4bf36cc5c711e5
SHA1: 54eca2a6cc810a58ea5523f20b140a1819397397 SHA256: 17a6ae8bd75b663ee6652a245d48ba7ce8a2567b225e97127e0a6a291072d26e SSDeep: 49152:fS4u4Khparoo/2IBspjIMYW2lUgyyi0Zkt1G2:f04QaEEjMLoU59tB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | 6.31 KB |
MD5:
0bf0010370970827907d82a783f44645
SHA1: 6d7dee9d6429ed0cabbe43c4ef24fe63da93b0f8 SHA256: 1b9b21c9ee9979d140f6951e9d87fa92c1b2f96ac4492e57244ece113ecd1251 SSDeep: 96:2Wb/vGrKLaPWLwnU4K76l+GCQVUUX+fOeJJwRePf2kabMmxR2lJhhhvDAmB3L/s:x/vNMWL141wlQqUgqWFzNWabk |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk | 0.41 KB |
MD5:
61d5a2d918addd2775488a2b32584d06
SHA1: 5b3336a91cc786ba322e6e795df2a263fc8b018c SHA256: 77305fb26bad362452c23cd180bf8ce3b1f20fdeaa9067e4f4c980b95aa64467 SSDeep: 6:JBzyVx79PD4//869WZiiFwEhvDT7GSxyqEoHKOLT6CN4wYjfXlvvDTmGEtMLin:JWzD4H8H/7GsZKrCN5KlnmlMmn |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lbYChRg-xAiK-KFgsEDW.gif | 15.36 KB |
MD5:
66f3aa9529fdb87087af562b743b473f
SHA1: f1817336cb936266e942dc908839b3961c123e38 SHA256: 3be20d30ac9cecb6a7bf71de7092a42b6640b70ee28eda4e4a6fa5d40dd9d25e SSDeep: 384:vcgri4Twp74Wpvqy1eNKLWmxm3ZF0NF0w/MFl7no5K:vcurWZE9mxm3UNF0wEF5R |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | 5.50 KB |
MD5:
1a8dab5c1f75ecd74ce9138ae1e163ad
SHA1: 0a1424bb6e8a7fa4590f1dda3c857774af49dc76 SHA256: 5e464ac71662188cf3838405ffc08aff082fb9f2376013574f969ca77d79e66f SSDeep: 96:yKhtvNNw+JCfI1yd4I6tA1M2bxZ5G20IkYuvo62/bCc0prAII1dKfgXypKR6gL:y6vNNBJaheliM2l7CI2Q6LVprqU26gL |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll | 504.50 KB |
MD5:
05e49fddd182b04c7e4becd4f75453bd
SHA1: 82214fda3306c2586302e26d75c0071522e223e3 SHA256: 195febf8e53f736a4854b3365547f9d1e09d96640cf62e56579cfe1a1cc5677d SSDeep: 12288:9KN2uw9/I8nqx5agAumMHNywTO9Z54B6Jqo94HyIL+zAnERwZGk9K/offtguNfTZ:9FgA0O8GIK/e1guNfTi+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a | 80.53 KB |
MD5:
c2e6e3409aa2cd0ac08221f544b4521f
SHA1: d811d0c7e09256d5d8d16dc2277b61a7e6d4ff58 SHA256: 39e07d4a0ecf5096e989c08ff077c87f2f0ac711735a3b54d901c4fba51a9d6c SSDeep: 1536:ebMdD2U7qPin1/ZMnVtFSigHHTUTF8liPx1CGYkQfjHCjqbZdmqc6SAEXxollGMo:eaD/q+Z+Vt4HHggip1CnXiObZdmqc6Q9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OneNote 2016.lnk | 2.34 KB |
MD5:
907fe6acd4cc7a1d7d797385997c5347
SHA1: f010fab7ffc2badf81e96b88599437e31d74a85c SHA256: 4869b068b305ccb58d9616cf7612d6937e840d7d9e0d95c211423caf4dd355fa SSDeep: 48:Z0ls+t1BaR/mta/tg6A+EBMATtSkK97VCQFZO74ZZZZZZZNlRawZZZZZZZZZZZZX:Z1i101pq6A+EBRSkO7VP87wjN |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll | 194.50 KB |
MD5:
702c6e8f97018cc6b8410796a8227bca
SHA1: d8c6f0e4f7361e0daf1f1d8b598413d508b0bcc8 SHA256: c024609e169b5dadd3db5ce7f334a7028919a75a2add91b5c2ae08820c3f681c SSDeep: 3072:AOX+17djnZUh/guhYje8iCgudVBnaqfnGWvr/6L3sWNNcn3KSRS+T:A/17pZA/1hYjngaGm6L3sRh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | 141.34 KB |
MD5:
f05f3485c5ec20c5659493007d9fc731
SHA1: 8d6f131ac65ced39c1418212089f18a4d5af5e84 SHA256: 0268d50f448685808ce8fbde0dcafd8552ca20678bdb6df030249b36982367d4 SSDeep: 3072:8UMi61gX2ul7Z1pWSEnPSt0LVE+DTz2HnbOb8064xSp:iiggX/77NQnJTz4bObNRxSp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | 262.38 KB |
MD5:
44087aba3ca0559719d5cacd2af4d764
SHA1: 986100cab1552e3bbbb8674d77aad5f5478a1786 SHA256: 7f659a16f27b996da0bdc9e56a01581a572822e4f3ab8416c0c54bc65a86238d SSDeep: 6144:CIkvOsJI5LJPGRPL2rMYS54bjtcumZwm0fvSw8Qjozc70vl1bpWXTpoh6Q6tdi/w:6WVJeRPLkSubjtDJmYSwrLs1bdYPkrFe |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll | 95.17 KB |
MD5:
4ca51f395d66deeee2ae60c7a0955c73
SHA1: 56d5e5e3ce677a93222d9a73d4b3e2a60d37dc17 SHA256: 93544d50fad3fa5be8933f4978be12a30edef9195dc09282cb5dd6301b39c66a SSDeep: 1536:afe8kPt+wCmCyLigEz7apLQSjLxDBYsPj5HpSGDTtdZoRrHMMYIHa3xHP+AXDj87:8oPtml0LQSjLxlFHSwpdZ0rspqUDj8ig |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | 4.16 KB |
MD5:
d6815d3a8cfc0d9d16fb297a8dbe6c01
SHA1: b11e185d3750be5a253355d6983975c340c3a7d6 SHA256: 76a92322eea132a4c11345a74aa1d92e4aad5190355bd40cdda5486dcc582463 SSDeep: 96:bo28vX9twz5NTohJpI7TEMei5y/diB/U9ZXEWo0t:cBPQ5wJCXeik/diB/U96Wo0t |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll | 4.90 MB |
MD5:
9fbdc03896daa52627eb1acca5051742
SHA1: e3d1f40f4b50f919cb4d48a4e4623bc2d298b913 SHA256: da3994448e6fe1a74e0bd6ece776ba6a788fca43c7430c30a7ffe28f8997c415 SSDeep: 98304:MIz+kZ4vfiQMY+VKJ4K6thszFckMDiI7+uG37xK+b98mgCL2f06ON1pT:MIz+kZ4vKSghsjMDH7+nK+bewk06ON1F |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp | 0.41 KB |
MD5:
91dd5428c68ed668f881851b2d3bccde
SHA1: 6707e4bc94bde01248d0a86767e6ab76a309181c SHA256: 35bb5e1430a6a30ad72039039605f047541022cb4348196c814a9f5b0119bab0 SSDeep: 12:FHCQ3W3wczR/fTzz7SB5CM6gGVW+wtItMIc:FHpBWf7e5CLSItMZ |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll | 114.00 KB |
MD5:
074f3d77865803d3532463436c40d44d
SHA1: 3289bd3501ff36837b6de5930daf83d344d3076e SHA256: f1ed9d08db2372b22a945f6c446b3f2dfb57d0882a97532cf84bc15310a5c872 SSDeep: 3072:PH+NJJkEmL0j1aJJk1+1OImnkOJVYjrWhms1nA:PeNJJOLm6JkoWkEYXWI5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TiTXeHNWNY.flv | 45.52 KB |
MD5:
97159dbf0bb0c61f5ef68278ed2bb7c1
SHA1: bfed6b8c262cce5d9e055c22770ad0a3cce4e0cc SHA256: e5cbd8d5a938edcceabcda63c2099059cba3a6d9d42509f731378db84c4dcbd0 SSDeep: 768:1fTfRsb2aMpJg0KDlVfB57CesAsHQ3HLn0CUOGooDke2To87HQi7gkynCa01eKLO:1rozX09AHz0CUOGof5TNv2nCLBepbpnz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | 648.39 KB |
MD5:
d1767b5bffb0cc0421c2802699437e53
SHA1: d088571cf63fa285a43406c4692c92b1bfb1ea62 SHA256: 99dd9886fd9c1e952568e6fc65fa0ff21b3d0f1e8d4154fb7bb22898b9e90d0d SSDeep: 12288:Bt7whlvL5XbmCxJtZzrYVZjjrX9ediliRo3EX3e/GMOD6ub:Bt495XbTxPhYVZ3rX9ek8eEXu/E+ub |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Na7yBkRxW5gqqSM.gif | 86.16 KB |
MD5:
bdb71f38b07759417726d27d2010cb5a
SHA1: 4707d66e1c294de87b2bfedc9c62d8263c4c5853 SHA256: 334cfe738c3a164faedb2c8c8e91a1ee742d063181a5c60eee1b078de5baab9e SSDeep: 1536:8wVF3ZzYVAXZHw6wA95h3vdRgybz80fBrmNMLU2UbsapMu/Pjtr:8wVNZEVsHbRl80mmo22/Pjtr |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | 18.33 KB |
MD5:
06edee8ce626b773994ccfd40ac3f97a
SHA1: 4f19624c85eadde5a69ef5201e1dec800bfa8301 SHA256: d45b5c6dab9391d658dbe6c4271ff600fbb7e4e5bae035727596b0024308751d SSDeep: 384:WhlQH+qX2pDLNn2pD+34beV4G2pDzWTWqC911g:8WHAN93f+m41g |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Visio 2016.lnk | 2.11 KB |
MD5:
75c15ba2050a0ce3a9af12f21da380e8
SHA1: 3eb3d647a77734312415362c1789e12aeb91e840 SHA256: cf4701e0feb83b44d572d577d9e5f3ff25313c7399885eb7ada363e12fdd350c SSDeep: 48:HwhjXv6TZhbuW3BmXTW5hzh6D0i35xpNe:HqjXv6LbuWReTWXzIjK |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | 114.19 KB |
MD5:
6004abbcd743a5823431de4bed6f7e6c
SHA1: b73324c01a9b48db457b04e8de2b0a2cdd5a5647 SHA256: 712ffe19f09ef44a60607041264c1d538e775fa6e7a47778d0e13e04d7664116 SSDeep: 3072:RZcRfaiwjg3NyOAfXMeEejAtym9tqazbO6pg2Pqp:IcNg3N6fXM7tZvzbOnp |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp | 0.41 KB |
MD5:
5e8c6673429523c913d6ab23085305a6
SHA1: 18588c9e53b35d281559be6739918c70cf87be6b SHA256: ce773dd87c6662c5b133b0a0a8aaf8d93e4d8a0f6f7fc2ee17bc361244a55f00 SSDeep: 6:rQC62PMvO7nKYR/EMqonrH7+W5Np56XljTXFs6pIwKJa+O/Z7E1tOvqTSt3MmQBa:rBQcnlR/Rqonrv6VXXNGa1ZxqTHmx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | 0.50 KB |
MD5:
c841d1da4b7c6adb4fddee643578b42c
SHA1: ad2598291615c4068753ee6d02b6e69e2d02c7c4 SHA256: 5b79609472add77ba56beb43088ca0142e4790016fe3d16cdbafb518e1067a07 SSDeep: 12:FMB0+Nqf9ENYp4M1SDCTV8PzgC3BysU0YW7FZxc8:Fm0+NIyM0YV8XvU0VFLF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv | 33.48 KB |
MD5:
9886810d7f45e0ad417f5fce7e410ba9
SHA1: 10063bd942e1f3d9849de8161ca6bace185f0235 SHA256: 2cfdeba5fa66138de2608f8924da1d10d68276249b577be16b6858d9f4948099 SSDeep: 768:NwoEZN0Xww/InwIhs3H+2HGkUefFn9qi6sANHHxWPYUDBEcWn8iI:NwoEfwgnfhs3tUefF9D8VRWAUlEc1iI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | 6.06 KB |
MD5:
88eb83db075f2da051c258cd5e038140
SHA1: a042ecdb772e5adfbe93f8cf8d52f254017e1fd8 SHA256: 61c78e2e566d608550e1b2f8b5e2a1a3f53c748af59a1c47cce138f70ea38f03 SSDeep: 192:MFCxTZ3Z5QZjAqAgiD0EvsYVIzMLpuZM83:MFCxTZJ+jAuigEUoIzypuZ13 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | 1.15 MB |
MD5:
b023439a00a46eaf8835eb105831377e
SHA1: 4fc006e60e2d91da6fcc5d00c91a144a65b196a8 SHA256: 615326d72c96e498794d5a72343d3c22c6487d20036bc481f84a6dd14ad6cece SSDeep: 24576:SPpRHxUpK5ajq6TQIDrcH6t38+OiuPumY/ee8zag7rc:0pN2pK5ajnkerztiiAumY/R8esc |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt | 26.41 KB |
MD5:
2b9b3091f94758c938cfc9ed119d0743
SHA1: 25e4df73b5dd3dbdfdd770547d7b6e0560ec5577 SHA256: 4dc28931ad6607d3edd153d9578c9736e24e5fbbc91da92a4007dfa320fba484 SSDeep: 768:VkrAYRmbop2TLWB1Q2gVvJYbx69zCZOofSP:SAomUpQeQRV2b0VCfu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | 212.48 KB |
MD5:
7b72a46eb55478ff05211289ee6fc11a
SHA1: b3b5ca006fe23f7192932050d54092f4dcc2e5bb SHA256: 2a3a2a5c87efc8a226583ef2e0d63393c725d8f4bfe2c553a22a0f050fa9d35e SSDeep: 6144:W5PJBfAeSG/UqlBo98SwuGkIJ/RT9pxHmC:M/qqr7lfJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gG5PhGomRyRPP.bmp | 27.20 KB |
MD5:
d6e9c610a3cf60ad5b3247280d708b5a
SHA1: c4069a4bdddaac7e22044f9a59358f41ef4e51f1 SHA256: acd440ed9b93d99842f2dfcb87d109839a456a8d5f74a7211df8d108c92a3172 SSDeep: 384:J8ECuCfvMpq3nHjU9S+VMnt12vTpcig0PIpQYAySirJ29G347vzgxdRa/dzWC24+:JsuCXXw9hirIchuabAySIWDzea/orpZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zPlwGU07 kcnw.pps | 26.84 KB |
MD5:
05f69a5b37f32a26092d5330f9d4204c
SHA1: 2afc5b9b956d4f95d227ee79df8c541e604114d8 SHA256: f605aacc0c3174a1d9dd419640822cbd0bbf525530e14d2deaf30f179cf6213e SSDeep: 768:1n8xOJ3Gi6ak4rHUthq93MImt3kVxO5Oi3202pCo:uQGi6+HAhqVHmpkLgP3FI5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2FEIh7b7C.bmp | 74.73 KB |
MD5:
ff61959911fc7a57c92f6d81c129cbf0
SHA1: 8f7ef3d183912fc076fdaa0f710ab83d69649a3b SHA256: 7c87c7f19735f225f038c4b9c16fd6e75502ebe9e7bc6ed50ab6f1fbe304372d SSDeep: 1536:kxUtbEVKhOyK2aXdqMA5a3HSJZEOx/+KHjsOpn6BS:kytb0KPaXu59T+aHMS |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | 944.30 KB |
MD5:
5fde15f5ab881292f2fc9da99d620896
SHA1: ec1d95fcaeb19e0a95ea517057fc7a0165e0be4a SHA256: 46bb4c046a4dde31a56f58ac2a33498ed9b838876a5e62dec0a4a138374bbd7f SSDeep: 24576:sf0dRoyzny+ROT/oBP9zVtNY44obfp/ZfcCjffhviz:sf0d1znHODcV84phRvjfJiz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | 5.66 KB |
MD5:
26cb8e2b490b4bf2d2babe6363f759d1
SHA1: a1ce7b70b2dae65cef6d8e8cc1f4c57fd1f406a8 SHA256: 249e20869b46e53a69b8b3b7975fe5d54dfd6d2da8120165399f33484eb06bfa SSDeep: 96:f7DOUnrXo/AEMa5b4AZBYF06RwoPFGHJWo3wA+O4WMzlZ:POUrXoY9AZw06+xHJW4wxOPML |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp | 0.39 KB |
MD5:
25e44e06d1125d3930685a1aa2f27950
SHA1: ce0ba70ad316c8e395337e58b92522a9f036ae6f SHA256: 3b7e33eebef50ffcc39e716a4eefb4dcd01b5ee04cc4829b1af87398f4f4e642 SSDeep: 12:ODV8tlzj/ulpXob2+AqPir6WRn0awXSfl8A:FsXob2+AyuVRtwXSfWA |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LqkxAaKe.gif | 13.08 KB |
MD5:
e73703c32c780979c43f221fa5129c19
SHA1: 92c136059062b9086d73747af05760045b177d53 SHA256: d48bdfffc4c1657352f0c0323bad9d9c664a373db04ce3de41e301f69416f865 SSDeep: 384:cuDdDvpu1cAbQAUHnJ1EwI/N2SgDhQflj:fBDvp0c4kJi12LlQflj |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll | 646.67 KB |
MD5:
f865571f8333c34d99b7e9aa9fc1859c
SHA1: e1e74efc2da9ba8ebbd65d511b847485ed646ccd SHA256: 22fb7c70888b80d058cfe86d96efbeb8be08a36b9d377ee9f48c3f3d5adcc3d1 SSDeep: 12288:QhaD0ozyYOUUv+nkQb4NofwVmRq+Dij+TiZZnaw7XxJQ/kVr3qJRHbfZESG:QwQozypUUvyb7q+TaZnaw7BbraHan |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll | 395.02 KB |
MD5:
fda5e106201cfd688296f58f4a0b516b
SHA1: 1c0573372f8a2f6efe60e4fef3237f342bdf5f89 SHA256: 810e61145bbb738b92c15c7461f51c23ae7e88f7253c4ead7b70462eb1a72b6e SSDeep: 6144:HtRqSexKYjlX0EtbJGzuC71xTuGI9gz12A+oHiOqhJKDHeraTn65GdTG52:HtRqSeoYjVvA8GImhUUq+Leri6cdTG8 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | 290.06 KB |
MD5:
570a7cf3f9915732f3934a1f6f5b3049
SHA1: b5af3f12b3666c0bb52ba538cb665c9bd3a9095c SHA256: fa06b7946958a091cc26c6ca5bf6d2ff10cb67ff373eaef9eb105178f5028e70 SSDeep: 6144:TbVFcffi7qIKGsyFTe+CCJznOVkUBARb7v485gy4yl9fPLXhryEu/9u:rDsGxQ8yE2s |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a | 91.06 KB |
MD5:
1ef1df4b202080722ec4834491846da8
SHA1: e76870f53e7118441242faeb43feaf2df4e12cbd SHA256: 1231e9aec0b626432c0aef0d7f769c704f499a6707e6a205297e0ab957a8a60d SSDeep: 1536:9XazcLeaNZtmwT6HdmBjWs151WHO0qa50pWs0sgqypXqcofGAQGD/e22+YejOAm0:cgyaJm5mB+O1QWHgqypXMzDm229+7tJf |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | 182.47 KB |
MD5:
ace6b7a3bb33e3cfe2eca04c0906cc8c
SHA1: 224b77c22bb17090da838fb9dcc696eadee3733a SHA256: eeba24cbc2628bb73f3766577f585f3036b42c500551efd78867d7e9bfcf77f3 SSDeep: 3072:1kaVxJc6o6UZVGGnhqvg1uufbkP3aqZn2j9Z4YsCx2kOTyOLvqpKCyTbNmmaJnLj:1tVEVGmIg1pfbUKmU99nxfTpKVbNm7gc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | 903.02 KB |
MD5:
82641a4a8a98d2d82a6da45a681f2a47
SHA1: 75ee1e9d482133c075f0ff7d3076e73e93bb942b SHA256: faf75035c05b85e9c0626783c798303635b48b69adfd670dae5c9498b85f0140 SSDeep: 24576:P2JMUOglU8MSgts/Aild0YkjbNtO1DRm8McPPWOM:HUh/Yg0hbO1DRLMyQ |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp | 0.41 KB |
MD5:
dd884f46c728a7517aa3958d1ab645d8
SHA1: 85b8fce7e18529483bcd5764e1f36066cda5aa1b SHA256: 221c82b88e717165c048c3c0108cd43a49fd3611bb89480eb4cd309330bdbaa7 SSDeep: 12:/Xf0NzT97zmvcoSx+rUBlV3pJS2OF24ICin:/Xfwvpy0oSxVlE2OfK |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll | 163.00 KB |
MD5:
3cf3c2204d8c10de2871228a87ba9b8c
SHA1: 73cf5140efda695c982970f912efd8324402f993 SHA256: 50158733158b4ea828240d10bad93d28793d69a03cdc73b7a71bdbe45fc2d0e7 SSDeep: 3072:2EUxoyZoaRceP3Ag0DxrgKZ/jjaRsQ7j/tVJOXvNglOUKpbfOW2PuZOnT+uAZjNA:7UxtZoaRceIDxrFjjaRsQ7j/tVMlglOS |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll | 277.59 KB |
MD5:
7df267b87603f1b03bb34c6acf62f00f
SHA1: d635a27c2f14f0b060d21d6052cb57e0047b331f SHA256: 2b3b68977da9e4a5934c39d6efd9cc156f6dd9f3d69fa149a775555003620a79 SSDeep: 6144:saqqKcAe//cd0sApGLJHiSvUUaWwJ2wH2/ped8dIS4JXpLKujcQ6so:sqKJF0sAp+HiSv/M2gU5dRyXz4Lso |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp | 0.44 KB |
MD5:
4a80512e18928728384227ea231390d2
SHA1: 4b03ab1f8272d794e6c6b31456a5f23756fc1ad9 SHA256: 4d847820e8774241602b1e37bcb674d1b38d60abad870fa7439ab2fba8712d26 SSDeep: 12:WjMnIOM1KzOBMrXvuvcxmnAldH5evb6YERv:7IOkFBMr/uvcxmnadH5+o |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint 2016.lnk | 2.41 KB |
MD5:
61c04e5437bf0a621abde1b41a5921b1
SHA1: 315e06e317d5c0f83d5db5aa7328159b050e1910 SHA256: d7647e59aa5f2345a6b011d65d65fb4edf45d7dbd9323866c788f118960aca37 SSDeep: 48:VzCdVMckX9AihStWrSsmPnjUEm6VTOPnnnnnnnnonP3tsnnnnnnnnnnnnnnnnnnk:JCdVvY9AiEQGPjVOPnnnnnnnnonPKnnk |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest | 1.78 KB |
MD5:
5525f074c9be3b0372e05f290ec15aec
SHA1: b5a5e421eb2cbf9775026ac3dfa7e3b9408b554a SHA256: 50af9bdf59fa51bc2bdb0bb66180db5f9d7128ab45f657e4f1ab77193f466622 SSDeep: 48:9TFd1y+2+j7ED4FhLTAZKAXk5ia0BiFyD5yeXQ:9Fd14C4DmhPAnQi/BiotyeA |
|
|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | 75.69 KB |
MD5:
9943ef11fe72b89f96b1579c9c904444
SHA1: 9d8f06a01cbb36686d6b764b9f7a52cab4c58da6 SHA256: 5c431b03a6d80378ce8e9532a8b2703fe074aa205559d23fc22e8876961014a8 SSDeep: 1536:R2zTIUJetcMQLJ0FmEYZSB2W9FScRHYFDj9K7nI1PT33Z3L43LBbbV/DBRi:Ezc9xQomEYZSB2AF1R41j9K7MPbpMRhe |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | 4.23 KB |
MD5:
60b91edaf93863f7d817567120ad4808
SHA1: 4dacd9dac318d9db44732bf037f8dc9c62ceee37 SHA256: 2991ebef6c68842fe8436ced806b46431ea6f3e56f49fdeed942ceb14706476d SSDeep: 96:7jK5kQ3MCAXk/16kALSBGYLM6gqE9n4XtJ0FTMIg6xtZjQ9/s7G1p0bMaahadMW:7OiPVk4zmMobRs8tJ0NMKtW9/s7ZMhlW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | 0.03 KB |
MD5:
17ccea87eeb2f9405599bfa6782a33dd
SHA1: 9123e3cf90e820700223890ccd675abbffb60e3b SHA256: 13f1b586d9bd60fb8a229e83625a03bd8a03773edccb39bbe15ebb9873c73577 SSDeep: 3:jChuWPfT+pIYm2n:+hwpI6 |
|
|
Host Behavior
COM (6)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WbemDefaultPathParser | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
3 | |
| Create | WBEMLocator | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\cimv2 |
|
1 |
File (4816)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\screen.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\don.bmp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\FDO8HMeSGmQJ.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\FDO8HMeSGmQJ.mp3 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\fXiuXdEX.mp4 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\fXiuXdEX.mp4 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\G5MbiMZSXdsj9RRuy4.m4a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\G5MbiMZSXdsj9RRuy4.m4a | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gG5PhGomRyRPP.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gG5PhGomRyRPP.bmp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gwX91CRt0Sj.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gwX91CRt0Sj.mp3 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gW_ 0mkl9Fl_moi.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gW_ 0mkl9Fl_moi.png | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2FEIh7b7C.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2FEIh7b7C.bmp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hGiFShE.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hGiFShE.mp3 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iQKMvUzGPjtGBd0lRgyy.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iQKMvUzGPjtGBd0lRgyy.bmp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Jj961q86p5_E.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Jj961q86p5_E.mp3 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kPvJOo_e0v2YY.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kPvJOo_e0v2YY.bmp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lbYChRg-xAiK-KFgsEDW.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lbYChRg-xAiK-KFgsEDW.gif | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LqkxAaKe.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LqkxAaKe.gif | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Na7yBkRxW5gqqSM.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Na7yBkRxW5gqqSM.gif | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PiQQ2Af9SozQW.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PiQQ2Af9SozQW.bmp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pVHPwtaaDNFAoC4M.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pVHPwtaaDNFAoC4M.wav | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q0Lfg4X0PkE9ZS3se1w.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q0Lfg4X0PkE9ZS3se1w.wav | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TiTXeHNWNY.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TiTXeHNWNY.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TP9I5YPYS.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TP9I5YPYS.bmp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vRIJHQaZ.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vRIJHQaZ.mp3 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZMyqqk.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZMyqqk.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zPlwGU07 kcnw.pps | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zPlwGU07 kcnw.pps | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\ncstatements.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\ncstatements.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\ncstatements.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OneNote 2016.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OneNote 2016.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint 2016.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint 2016.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Project 2016.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Project 2016.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Visio 2016.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Visio 2016.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Database1.LNK | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Database1.LNK | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Global.LNK | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Global.LNK | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\-ETZ0.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\-ETZ0.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\-yuLo8Xz54U7i9L0KEO.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\-yuLo8Xz54U7i9L0KEO.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\0iZpa3zd4g8L.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\0iZpa3zd4g8L.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\0Nrb.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\0Nrb.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1-_Zm94tvZosY8j.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1-_Zm94tvZosY8j.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1HGO.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1HGO.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1Nqst9Pv9H0NqTWMz.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1Nqst9Pv9H0NqTWMz.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1XHufR-DxIGxuK V.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1XHufR-DxIGxuK V.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2AAH.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2AAH.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2lQa.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2lQa.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2VBt.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2VBt.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\3uC5lPg2.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\3uC5lPg2.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\3UgPVdPfYZjjrZ.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\3UgPVdPfYZjjrZ.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4BeVEPykueyWk.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4BeVEPykueyWk.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4oY1.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4oY1.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4ZpwZlP.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4ZpwZlP.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5asscy.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5asscy.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5euoT.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5euoT.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5Mw2r9UNadjcKS 5kI.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5Mw2r9UNadjcKS 5kI.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5N0mP.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5N0mP.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\64lRu.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\64lRu.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6boiF3wfD.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6boiF3wfD.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6EkNNw1.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6EkNNw1.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6jKSrZJ88Nt.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6jKSrZJ88Nt.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\7h3QF4wV.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\7h3QF4wV.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\7kRyLLh8Fecfz.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\7kRyLLh8Fecfz.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8KYx2CszEFgmwAnMdWQ.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8KYx2CszEFgmwAnMdWQ.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8Nc3tSj.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8Nc3tSj.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8O3xInjFG-.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8O3xInjFG-.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\96N_Ex4DfD4NUl.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\96N_Ex4DfD4NUl.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\a632tVWij.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\a632tVWij.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aGAV 4MO.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aGAV 4MO.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Ajaa.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Ajaa.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AnAfGx.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AnAfGx.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aNP6 q0g4QCqKdj_BlK.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aNP6 q0g4QCqKdj_BlK.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ap2 wE6qqrqV.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ap2 wE6qqrqV.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aslyDbn3T.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aslyDbn3T.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AYoHC-JwkrpFhY.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AYoHC-JwkrpFhY.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Bbu-W_Sogh6ms J.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Bbu-W_Sogh6ms J.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\bhLW0klTEyT.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\bhLW0klTEyT.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BuSDZubvOoJLQqb6kp.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BuSDZubvOoJLQqb6kp.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BVafMs.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BVafMs.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BWs 3bhQ1.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BWs 3bhQ1.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\C 7StU PmrF W5.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\C 7StU PmrF W5.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CaYFhx2S_sx0I.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CaYFhx2S_sx0I.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cBictnZUzxJqTjU0By.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cBictnZUzxJqTjU0By.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cOVJQbE5KC.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cOVJQbE5KC.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CRmvkbrUU.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CRmvkbrUU.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\csSjj1NyoP Y.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\csSjj1NyoP Y.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cVWb4ijjzB6XY54q-.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cVWb4ijjzB6XY54q-.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cZ9NNansodbagz2y.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cZ9NNansodbagz2y.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\d UHIyZMKWtXxZo4.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\d UHIyZMKWtXxZo4.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\DlKGWjPL.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\DlKGWjPL.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\DQbHeP4EQMchn5K4Y.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\DQbHeP4EQMchn5K4Y.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\dTYc26jTROQFY8L9.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\dTYc26jTROQFY8L9.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\eVLxxpIB4LEo2.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\eVLxxpIB4LEo2.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\FQY MiRxNH.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\FQY MiRxNH.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\fXiuXdEX.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\fXiuXdEX.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\fX_6RGO9x6eah.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\fX_6RGO9x6eah.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\g 5mKHLgSTRsHOoqKX.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\g 5mKHLgSTRsHOoqKX.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\g8__lQYJHvLKkA.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\g8__lQYJHvLKkA.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GIQa1rxE.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GIQa1rxE.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GVP8Q i8h5z.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GVP8Q i8h5z.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GwjnHz0szYzIRd g9sf.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GwjnHz0szYzIRd g9sf.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\gW_ 0mkl9Fl_moi.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\gW_ 0mkl9Fl_moi.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\h2FEIh7b7C.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\h2FEIh7b7C.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\hGiFShE.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\hGiFShE.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Hp7R2t_MgqX-MHjZrFQZ.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Hp7R2t_MgqX-MHjZrFQZ.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\hWgJewIS.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\hWgJewIS.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\i3fyVPekcQKVJV8_b.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\i3fyVPekcQKVJV8_b.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Igp6Jr9yJli.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Igp6Jr9yJli.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\igV00fF_ThP CVjl.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\igV00fF_ThP CVjl.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iPb_8u5S.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iPb_8u5S.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iT4co4GLTCD_tAT.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iT4co4GLTCD_tAT.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iVNbo.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iVNbo.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JacMcxHcE7vksb.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JacMcxHcE7vksb.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jGHwu0SUV-gXfkT.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jGHwu0SUV-gXfkT.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JhYilt85gm5KSggeHJ7.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JhYilt85gm5KSggeHJ7.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Jj961q86p5_E.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Jj961q86p5_E.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JNaf9bh.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JNaf9bh.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jQdhJt.flv.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jQdhJt.flv.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jXcxQJvmWSH.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jXcxQJvmWSH.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JZtqv-Ht8d.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JZtqv-Ht8d.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\k09yi.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\k09yi.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\k4W3FgSBO.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\k4W3FgSBO.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KabYmsyxFc.ots.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KabYmsyxFc.ots.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KhzVlj3zvSya_QSP.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KhzVlj3zvSya_QSP.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KnLEp.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KnLEp.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\kWBSa.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\kWBSa.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lNI60Joqk.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lNI60Joqk.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\LqkxAaKe.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\LqkxAaKe.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lun6 cAVxh5v_gf.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lun6 cAVxh5v_gf.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lvau9ezjm-IJ83H.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lvau9ezjm-IJ83H.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lWsFNEOIL0dt.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lWsFNEOIL0dt.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\M233lhenzlI1qOh7S.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\M233lhenzlI1qOh7S.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\MAdMS4nj6lKxPVU3Qq.flv.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\MAdMS4nj6lKxPVU3Qq.flv.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\mi_wLOzh1KYdT.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\mi_wLOzh1KYdT.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Music.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Music.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Na7yBkRxW5gqqSM.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Na7yBkRxW5gqqSM.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\nH86K6.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\nH86K6.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\nuY4Hm8K.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\nuY4Hm8K.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\oGW5RfGE.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\oGW5RfGE.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\oPsjoFF_yjtgH.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\oPsjoFF_yjtgH.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\OY2e9ZpvYz9WHskNo.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\OY2e9ZpvYz9WHskNo.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\pAW2h0x3EVM3a.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\pAW2h0x3EVM3a.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Pictures.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Pictures.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PiQQ2Af9SozQW.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PiQQ2Af9SozQW.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PITEDAvXaKBnRk0o0Rq.flv.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PITEDAvXaKBnRk0o0Rq.flv.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PoJLcr-.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PoJLcr-.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\pVHPwtaaDNFAoC4M.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\pVHPwtaaDNFAoC4M.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Q L_eRjm0p660.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Q L_eRjm0p660.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\q0Lfg4X0PkE9ZS3se1w.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\q0Lfg4X0PkE9ZS3se1w.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Qb6Lbi3WGNkGm5Fsb.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Qb6Lbi3WGNkGm5Fsb.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\qbqMc7tqk0OHjo.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\qbqMc7tqk0OHjo.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\qTCI3UPJCaElwZ_kQFs.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\qTCI3UPJCaElwZ_kQFs.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Q_es8BFAzUXGF.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Q_es8BFAzUXGF.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\RIx2rmbVwqoW8.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\RIx2rmbVwqoW8.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Roaming.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Roaming.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\S4LV8G9lLMuVvhD_.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\S4LV8G9lLMuVvhD_.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\SIFDsK.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\SIFDsK.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\stJWiNDshLbYz6A9e0.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\stJWiNDshLbYz6A9e0.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\T gX8S1T5U1t 9tD.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\T gX8S1T5U1t 9tD.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TA-U1akG-mw78dYQNm.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TA-U1akG-mw78dYQNm.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TfjqF8FdQ404OO.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TfjqF8FdQ404OO.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\tHoIqZLKj.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\tHoIqZLKj.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TP9I5YPYS.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TP9I5YPYS.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TV3NN Qo4 w.ots.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TV3NN Qo4 w.ots.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Tw_5ny7FyIp.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Tw_5ny7FyIp.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\uN4nA4DRfP80JeW.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\uN4nA4DRfP80JeW.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\upps V-.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\upps V-.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\v61SZlNC.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\v61SZlNC.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Videos.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Videos.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\vRIJHQaZ.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\vRIJHQaZ.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\vS-mM6Yaz.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\vS-mM6Yaz.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\w2eHCyHwy.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\w2eHCyHwy.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\W3Uw1oRrwQb.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\W3Uw1oRrwQb.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\WeiIllxySwU.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\WeiIllxySwU.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\xSsaFQ.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\xSsaFQ.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\XyWL728 6b.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\XyWL728 6b.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\xZ9DxfsKHn.flv.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\xZ9DxfsKHn.flv.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\y0sUcd8oq2UUq_m1.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\y0sUcd8oq2UUq_m1.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\yn-egCRnTLsz.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\yn-egCRnTLsz.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ypIjGMI49qBzsbmxtX.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ypIjGMI49qBzsbmxtX.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\z01dg_PvySCMBo21f.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\z01dg_PvySCMBo21f.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Z36qw0cQIhLjR.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Z36qw0cQIhLjR.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Z9V-uLii6iQFFW.flv.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Z9V-uLii6iQFFW.flv.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ZMyqqk.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ZMyqqk.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\zPlwGU07 kcnw.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\zPlwGU07 kcnw.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Zs9yv3z4sFjAieyNtlT (2).lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Zs9yv3z4sFjAieyNtlT (2).lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Zs9yv3z4sFjAieyNtlT.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Zs9yv3z4sFjAieyNtlT.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ZWhDza.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ZWhDza.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\_vJflW.flv.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\_vJflW.flv.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1bc9bbbe61f14501.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1bc9bbbe61f14501.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\319f01bf9fe00f2d.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\319f01bf9fe00f2d.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = file_type |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe.config | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\screen.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\don.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3 | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3 | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3 | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a.happy | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\FDO8HMeSGmQJ.mp3 | type = file_type |
|
4 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm.happy | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | size = 16640 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | size = 126992 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | size = 16640 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll | size = 324096 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf | size = 186848 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll | size = 166912 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | size = 288256 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll | size = 79040 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll | size = 954368 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll | size = 23970816 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | size = 2227712 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | size = 29184 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | size = 380016 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll | size = 14712832 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll | size = 116736 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | size = 45056 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | size = 138752 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest | size = 1824 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | size = 886784 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll | size = 516608 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll | size = 284256 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll | size = 306784 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll | size = 5135872 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini | size = 1728 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll | size = 272064 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll | size = 1141856 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | size = 86704 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll | size = 199168 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll | size = 625152 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll | size = 119296 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll | size = 158208 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | size = 217616 |
|
2 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll | size = 404496 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll | size = 379920 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll | size = 504336 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | size = 186848 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | size = 186848 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll | size = 2927616 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll | size = 218640 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig | size = 2944 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll | size = 131072 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | size = 86112 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll | size = 662192 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll | size = 96944 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll | size = 881328 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll | size = 401504 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll | size = 770560 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll | size = 762544 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | size = 353888 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll | size = 97456 |
|
2 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | size = 468208 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf | size = 468208 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll | size = 1478320 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer | size = 432 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | size = 53856 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll | size = 1591904 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der | size = 1104 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll | size = 587952 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll | size = 323168 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll | size = 323184 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll | size = 17072 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | size = 77504 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | size = 116928 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp | size = 304 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp | size = 384 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp | size = 704 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp | size = 3728 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp | size = 384 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp | size = 384 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp | size = 448 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp | size = 400 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp | size = 368 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp | size = 592 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp | size = 352 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp | size = 2688 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp | size = 448 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp | size = 448 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp | size = 464 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp | size = 576 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp | size = 400 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp | size = 304 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak | size = 16 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak | size = 16 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak | size = 16 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak | size = 16 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll | size = 439296 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt | size = 27040 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll | size = 2106224 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll | size = 3747520 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll | size = 10177024 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat | size = 16 |
|
1 | |
|
For performance reasons, the remaining 2173 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (88)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.SecurityProtocol | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\T1\T1\1.0.0.0 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2007, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = Client, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | value_name = HWRPortReuseOnSocketBind, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | value_name = SchUseStrongCrypto, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | value_name = DisableTaskMgr, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | value_name = DisableRegistryTools, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings | value_name = Enabled, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework | value_name = LegacyWPADSupport, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
3 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
3 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
2 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | value_name = DisableTaskMgr, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | value_name = DisableRegistryTools, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
2 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
3 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
3 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
2 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | wmic.exe | show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe | show_window = SW_HIDE |
|
1 |
Module (98)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | comctl32.dll | base_address = 0x72070000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x71b00000 |
|
1 | |
| Load | C:\Windows\Microsoft.NET\Framework\v4.0.30319\\wminet_utils.dll | base_address = 0x70820000 |
|
1 | |
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0x7ed0001 |
|
3 | |
| Load | bcrypt | base_address = 0x71960000 |
|
1 | |
| Get Handle | comctl32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x76c70000 |
|
1 | |
| Get Handle | c:\users\ciihmnxmn6ps\desktop\t1.exe | base_address = 0xa70000 |
|
12 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\comctl32.dll | base_address = 0x72070000 |
|
20 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\comctl32.dll | base_address = 0x71b00000 |
|
3 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x74f40000 |
|
1 | |
| Get Filename | c:\users\ciihmnxmn6ps\desktop\t1.exe | process_name = c:\users\ciihmnxmn6ps\desktop\t1.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 2048 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x7772caa0 |
|
1 | |
| Get Address | Unknown module name | function = ResetSecurity, address_out = 0x708224de |
|
1 | |
| Get Address | Unknown module name | function = SetSecurity, address_out = 0x70822520 |
|
1 | |
| Get Address | Unknown module name | function = BlessIWbemServices, address_out = 0x70821c69 |
|
1 | |
| Get Address | Unknown module name | function = BlessIWbemServicesObject, address_out = 0x70821cbb |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyHandle, address_out = 0x708221b4 |
|
1 | |
| Get Address | Unknown module name | function = WritePropertyValue, address_out = 0x70822617 |
|
1 | |
| Get Address | Unknown module name | function = Clone, address_out = 0x70821d0d |
|
2 | |
| Get Address | Unknown module name | function = VerifyClientKey, address_out = 0x708225b4 |
|
1 | |
| Get Address | Unknown module name | function = GetQualifierSet, address_out = 0x70822215 |
|
1 | |
| Get Address | Unknown module name | function = Get, address_out = 0x708220d4 |
|
1 | |
| Get Address | Unknown module name | function = Put, address_out = 0x708222be |
|
1 | |
| Get Address | Unknown module name | function = Delete, address_out = 0x70821f31 |
|
1 | |
| Get Address | Unknown module name | function = GetNames, address_out = 0x70822182 |
|
1 | |
| Get Address | Unknown module name | function = BeginEnumeration, address_out = 0x70821c43 |
|
1 | |
| Get Address | Unknown module name | function = Next, address_out = 0x70822283 |
|
1 | |
| Get Address | Unknown module name | function = EndEnumeration, address_out = 0x70821fc2 |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyQualifierSet, address_out = 0x708221ff |
|
1 | |
| Get Address | Unknown module name | function = GetObjectText, address_out = 0x7082219e |
|
1 | |
| Get Address | Unknown module name | function = SpawnDerivedClass, address_out = 0x70822566 |
|
1 | |
| Get Address | Unknown module name | function = SpawnInstance, address_out = 0x7082257c |
|
1 | |
| Get Address | Unknown module name | function = CompareTo, address_out = 0x70821d8d |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyOrigin, address_out = 0x708221e9 |
|
1 | |
| Get Address | Unknown module name | function = InheritsFrom, address_out = 0x70822228 |
|
1 | |
| Get Address | Unknown module name | function = GetMethod, address_out = 0x7082213a |
|
1 | |
| Get Address | Unknown module name | function = PutMethod, address_out = 0x708223da |
|
1 | |
| Get Address | Unknown module name | function = DeleteMethod, address_out = 0x70821f44 |
|
1 | |
| Get Address | Unknown module name | function = BeginMethodEnumeration, address_out = 0x70821c56 |
|
1 | |
| Get Address | Unknown module name | function = NextMethod, address_out = 0x708222a2 |
|
1 | |
| Get Address | Unknown module name | function = EndMethodEnumeration, address_out = 0x70821fd2 |
|
1 | |
| Get Address | Unknown module name | function = GetMethodQualifierSet, address_out = 0x7082216c |
|
1 | |
| Get Address | Unknown module name | function = GetMethodOrigin, address_out = 0x70822156 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Get, address_out = 0x7082242c |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Put, address_out = 0x7082247a |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Delete, address_out = 0x70822409 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_GetNames, address_out = 0x70822448 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_BeginEnumeration, address_out = 0x708223f6 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Next, address_out = 0x7082245e |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_EndEnumeration, address_out = 0x7082241c |
|
1 | |
| Get Address | Unknown module name | function = GetCurrentApartmentType, address_out = 0x70822215 |
|
1 | |
| Get Address | Unknown module name | function = GetDemultiplexedStub, address_out = 0x708220f3 |
|
1 | |
| Get Address | Unknown module name | function = CreateInstanceEnumWmi, address_out = 0x70821ebb |
|
1 | |
| Get Address | Unknown module name | function = CreateClassEnumWmi, address_out = 0x70821e45 |
|
1 | |
| Get Address | Unknown module name | function = ExecQueryWmi, address_out = 0x7082205b |
|
1 | |
| Get Address | Unknown module name | function = ExecNotificationQueryWmi, address_out = 0x70821fe2 |
|
1 | |
| Get Address | Unknown module name | function = PutInstanceWmi, address_out = 0x7082235a |
|
1 | |
| Get Address | Unknown module name | function = PutClassWmi, address_out = 0x708222da |
|
1 | |
| Get Address | Unknown module name | function = CloneEnumWbemClassObject, address_out = 0x70821d20 |
|
1 | |
| Get Address | Unknown module name | function = ConnectServerWmi, address_out = 0x70821da3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentPackageId, address_out = 0x75243c90 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (28)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.4.0.0.0.141b42a.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Create | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Decrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Encrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 2004011680 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 44434982 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 2004011680 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 44435102 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 2004011680 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 44435182 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551608, new_long = 393692 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551608, new_long = 393692 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551600, new_long = 50397184 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551596, new_long = 589824 |
|
1 | |
| Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 1907876544 |
|
1 | |
| Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 44435302 |
|
1 | |
| Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551604, new_long = 786484 |
|
1 | |
| Set Attribute | Encrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 1907876544 |
|
1 | |
| Set Attribute | Encrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 44435342 |
|
1 | |
| Set Attribute | Encrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551604, new_long = 131594 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 2004011680 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 44435222 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 2004011680 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 44435494 |
|
1 |
Keyboard (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
2 |
System (268)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Certificate Store | encoding_type = 65537, flags = 8708 |
|
1 | |
| Open Certificate Store | encoding_type = 65537, flags = 8708 |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Sleep | duration = 100000 milliseconds (100.000 seconds) |
|
1 | |
| Sleep | duration = 89984 milliseconds (89.984 seconds) |
|
1 | |
| Sleep | duration = 79984 milliseconds (79.984 seconds) |
|
1 | |
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 850 milliseconds (0.850 seconds) |
|
1 | |
| Sleep | duration = 2000 milliseconds (2.000 seconds) |
|
1 | |
| Sleep | duration = 69969 milliseconds (69.969 seconds) |
|
1 | |
| Sleep | duration = 0 milliseconds (0.000 seconds) |
|
200 | |
| Sleep | duration = 5 milliseconds (0.005 seconds) |
|
26 | |
| Sleep | duration = 59734 milliseconds (59.734 seconds) |
|
1 | |
| Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Sleep | duration = 49578 milliseconds (49.578 seconds) |
|
1 | |
| Sleep | duration = 39359 milliseconds (39.359 seconds) |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
28 |
Mutex (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | - |
|
1 | |
| Release | - |
|
1 |
Environment (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = tmp, result_out = C:\Users\CIIHMN~1\AppData\Local\Temp |
|
1 | |
| Get Environment String | name = localappdata, result_out = C:\Users\CIiHmnxMn6Ps\AppData\Local |
|
2 | |
| Get Environment String | name = PinnableBufferCache_System.Net.SslStream_Disabled |
|
2 | |
| Get Environment String | name = PinnableBufferCache_System.Net.SslStream_MinCount |
|
2 | |
| Get Environment String | name = ProgramFiles, result_out = C:\Program Files (x86) |
|
1 | |
| Get Environment String | name = appdata, result_out = C:\Users\CIiHmnxMn6Ps\AppData\Roaming |
|
1 | |
| Get Environment String | name = SystemRoot, result_out = C:\Windows |
|
1 | |
| Get Environment String | name = PROGRAMFILES(x86), result_out = C:\Program Files (x86) |
|
1 | |
| Get Environment String | name = systemroot, result_out = C:\Windows |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Net.HttpWebRequest_Disabled |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Net.HttpWebRequest_MinCount |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Net.Connection_Disabled |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Net.Connection_MinCount |
|
1 |
Network Behavior
DNS (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = mail.gmx.net, address_out = 212.227.17.168, 212.227.17.190 |
|
1 | |
| Resolve Name | host = finndev.net, address_out = 91.134.128.42 |
|
1 |
TCP Sessions (2)
| Information | Value |
|---|---|
| Total Data Sent | 1.10 MB |
| Total Data Received | 230.43 KB |
| Contacted Host Count | 2 |
| Contacted Hosts | 212.227.17.168:587, 91.134.128.42:443 |
TCP Session #1
| Information | Value |
|---|---|
| Handle | 0x590 |
| Address Family | AF_INET |
| Type | SOCK_STREAM |
| Protocol | IPPROTO_TCP |
| Remote Address | 212.227.17.168 |
| Remote Port | 587 |
| Local Address | 0.0.0.0 |
| Local Port | 49426 |
| Data Sent | 1.10 MB |
| Data Received | 5.84 KB |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Connect | remote_address = 212.227.17.168, remote_port = 587 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 256, size_out = 52 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 14, size_out = 14 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 256, size_out = 113 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 10, size_out = 10 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 256, size_out = 8 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 176, size_out = 176 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 87, size_out = 87 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4796, size_out = 4796 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 333, size_out = 333 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4, size_out = 4 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 126, size_out = 126 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 40, size_out = 40 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 43, size_out = 43 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 123, size_out = 123 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 62, size_out = 62 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 42, size_out = 42 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 55, size_out = 55 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 54, size_out = 54 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 56, size_out = 56 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 67, size_out = 67 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 54, size_out = 54 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 35, size_out = 35 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 70, size_out = 70 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 258, size_out = 258 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 175, size_out = 175 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 149, size_out = 149 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 211, size_out = 211 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 16384, size_out = 16384 |
|
70 | |
| Send | flags = NO_FLAG_SET, size = 9597, size_out = 9597 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 86, size_out = 86 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 31, size_out = 31 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 34, size_out = 34 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 96, size_out = 96 |
|
1 |
TCP Session #2
| Information | Value |
|---|---|
| Handle | 0x440 |
| Address Family | AF_INET |
| Type | SOCK_STREAM |
| Protocol | IPPROTO_TCP |
| Remote Address | 91.134.128.42 |
| Remote Port | 443 |
| Local Address | 0.0.0.0 |
| Local Port | 49429 |
| Data Sent | 409 bytes |
| Data Received | 224.59 KB |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Connect | remote_address = 91.134.128.42, remote_port = 443 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 175, size_out = 175 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 93, size_out = 93 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2806, size_out = 2806 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 589, size_out = 589 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4, size_out = 4 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 126, size_out = 126 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 40, size_out = 40 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 108, size_out = 108 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 407, size_out = 407 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 10160, size_out = 5835 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4325, size_out = 4325 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 7264, size_out = 7264 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 11608, size_out = 5835 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5773, size_out = 5773 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 8712, size_out = 7295 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1417, size_out = 1417 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 8712, size_out = 1498 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 7214, size_out = 7214 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 4368 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 4368 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 776, size_out = 776 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5816, size_out = 5816 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1067 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 405, size_out = 405 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1848, size_out = 1848 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 |
Process #4: wmic.exe
17
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\wbem\wmic.exe |
| Command Line | "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:41, Reason: Child Process |
| Unmonitor | End Time: 00:01:56, Reason: Self Terminated |
| Monitor Duration | 00:00:15 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x334 |
| Parent PID | 0xf68 (c:\users\ciihmnxmn6ps\desktop\t1.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1E0
0x
60C
0x
878
0x
E8C
0x
EA0
0x
ED8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000470000 | 0x00470000 | 0x0048ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x0047ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x00483fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000490000 | 0x00490000 | 0x00491fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000490000 | 0x00490000 | 0x00490fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000004a0000 | 0x004a0000 | 0x004b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000004c0000 | 0x004c0000 | 0x004fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000500000 | 0x00500000 | 0x0053ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000540000 | 0x00540000 | 0x00543fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x00550fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x00561fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00570000 | 0x0062dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000630000 | 0x00630000 | 0x0066ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000670000 | 0x00670000 | 0x0067ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000680000 | 0x00680000 | 0x006bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d3fff | Private Memory | rw |
|
|
|
- |
| msxml3r.dll | 0x006e0000 | 0x006e0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000006f0000 | 0x006f0000 | 0x0070ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000710000 | 0x00710000 | 0x0080ffff | Private Memory | rw |
|
|
|
- |
| ole32.dll | 0x00810000 | 0x008f8fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000810000 | 0x00810000 | 0x0084ffff | Private Memory | rw |
|
|
|
- |
| imm32.dll | 0x00810000 | 0x00839fff | Memory Mapped File | r |
|
|
|
- |
| wmic.exe.mui | 0x00810000 | 0x0081ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000840000 | 0x00840000 | 0x0084ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000850000 | 0x00850000 | 0x0098ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000850000 | 0x00850000 | 0x0092ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000850000 | 0x00850000 | 0x00850fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000850000 | 0x00850000 | 0x00907fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000910000 | 0x00910000 | 0x00913fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000920000 | 0x00920000 | 0x0092ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000930000 | 0x00930000 | 0x0096ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000970000 | 0x00970000 | 0x0097cfff | Pagefile Backed Memory | rw |
|
|
|
- |
| wmiutils.dll.mui | 0x00970000 | 0x00974fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000980000 | 0x00980000 | 0x0098ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000990000 | 0x00990000 | 0x0099ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x009a0000 | 0x00cd6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ebffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00deffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x00ce0000 | 0x00dbefff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000de0000 | 0x00de0000 | 0x00deffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000df0000 | 0x00df0000 | 0x00e2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e70000 | 0x00e70000 | 0x00eaffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00ebffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00fdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00efffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f80000 | 0x00f80000 | 0x00fbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x011dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000fe0000 | 0x00fe0000 | 0x01167fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000011d0000 | 0x011d0000 | 0x011dffff | Private Memory | rw |
|
|
|
- |
| wmic.exe | 0x01240000 | 0x012a3fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x00000000012b0000 | 0x012b0000 | 0x052affff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00000000052b0000 | 0x052b0000 | 0x056affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000056b0000 | 0x056b0000 | 0x05830fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005840000 | 0x05840000 | 0x06c3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000006c40000 | 0x06c40000 | 0x06d5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006c40000 | 0x06c40000 | 0x06d3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006d50000 | 0x06d50000 | 0x06d5ffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| ucrtbase.dll | 0x6f710000 | 0x6f7ebfff | Memory Mapped File | rwx |
|
|
|
- |
| vcruntime140.dll | 0x6f7f0000 | 0x6f804fff | Memory Mapped File | rwx |
|
|
|
- |
| msoxmlmf.dll | 0x6f810000 | 0x6f81dfff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x6f820000 | 0x6fa43fff | Memory Mapped File | rwx |
|
|
|
- |
| msxml3.dll | 0x6fa50000 | 0x6fbdffff | Memory Mapped File | rwx |
|
|
|
- |
| framedynos.dll | 0x6fcd0000 | 0x6fd0efff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x6fdf0000 | 0x700b0fff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x700c0000 | 0x7021ffff | Memory Mapped File | rwx |
|
|
|
- |
| fastprox.dll | 0x70740000 | 0x707fbfff | Memory Mapped File | rwx |
|
|
|
- |
| wbemsvc.dll | 0x70800000 | 0x70810fff | Memory Mapped File | rwx |
|
|
|
- |
| wbemprox.dll | 0x70830000 | 0x7083cfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x70840000 | 0x7086efff | Memory Mapped File | rwx |
|
|
|
- |
| wbemcomn.dll | 0x70870000 | 0x708d5fff | Memory Mapped File | rwx |
|
|
|
- |
| wmiutils.dll | 0x708e0000 | 0x708fdfff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x70900000 | 0x70912fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x709f0000 | 0x709f7fff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x70a00000 | 0x70a2ffff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x71960000 | 0x7197afff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74610000 | 0x7462cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x74d30000 | 0x74d8bfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76fe0000 | 0x77061fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x770c0000 | 0x770c6fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x770d0000 | 0x77161fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77170000 | 0x77259fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77300000 | 0x7738cfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ec47000 | 0x7ec47000 | 0x7ec49fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ec4a000 | 0x7ec4a000 | 0x7ec4cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ec4d000 | 0x7ec4d000 | 0x7ec4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007ec50000 | 0x7ec50000 | 0x7ed4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ed50000 | 0x7ed50000 | 0x7ed72fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ed73000 | 0x7ed73000 | 0x7ed73fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ed76000 | 0x7ed76000 | 0x7ed78fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ed79000 | 0x7ed79000 | 0x7ed7bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ed7c000 | 0x7ed7c000 | 0x7ed7efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ed7f000 | 0x7ed7f000 | 0x7ed7ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
COM (7)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | F6D90F12-9C73-11D3-B32E-00C04F990BB4 | 2933BF95-7B36-11D2-B20E-00C04F983E60 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | EB87E1BD-3233-11D2-AEC9-00C04FB68820 | EB87E1BC-3233-11D2-AEC9-00C04FB68820 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli\ms_409 |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\LHNIWSJ\ROOT\CIMV2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy |
|
1 |
Registry (5)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory, data = 37 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Log File Max Size, data = 54 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\wbem\wmic.exe | base_address = 0x1240000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = LHNIWSJ |
|
1 | |
| Get Time | type = Local Time, time = 2019-01-25 03:58:07 (Local Time) |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 |
Process #5: cmd.exe
57
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c takeown /f C:\Windows\"." |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:41, Reason: Child Process |
| Unmonitor | End Time: 00:01:44, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa8c |
| Parent PID | 0xf68 (c:\users\ciihmnxmn6ps\desktop\t1.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A60
0x
AE8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x00110000 | 0x0015ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000c20000 | 0x00c20000 | 0x04c1ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000004c20000 | 0x04c20000 | 0x04c3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004c20000 | 0x04c20000 | 0x04c2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000004c30000 | 0x04c30000 | 0x04c33fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004c40000 | 0x04c40000 | 0x04c41fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004c40000 | 0x04c40000 | 0x04c43fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004c50000 | 0x04c50000 | 0x04c63fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004c70000 | 0x04c70000 | 0x04caffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004cb0000 | 0x04cb0000 | 0x04daffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004db0000 | 0x04db0000 | 0x04db3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004dc0000 | 0x04dc0000 | 0x04dc0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004dd0000 | 0x04dd0000 | 0x04dd1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004de0000 | 0x04de0000 | 0x04e1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004e30000 | 0x04e30000 | 0x04e3ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x04e40000 | 0x04efdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004fd0000 | 0x04fd0000 | 0x050cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000050d0000 | 0x050d0000 | 0x051cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000053a0000 | 0x053a0000 | 0x053affff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x053b0000 | 0x056e6fff | Memory Mapped File | r |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f440000 | 0x7f440000 | 0x7f53ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f540000 | 0x7f540000 | 0x7f562fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f565000 | 0x7f565000 | 0x7f565fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f568000 | 0x7f568000 | 0x7f56afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f56b000 | 0x7f56b000 | 0x7f56bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f56d000 | 0x7f56d000 | 0x7f56ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\takeown.exe | os_pid = 0x718, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x110000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x74f40000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x74f82780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x74f5fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x74f5a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x752a35c0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #8: takeown.exe
0
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\syswow64\takeown.exe |
| Command Line | takeown /f C:\Windows\"." |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:42, Reason: Child Process |
| Unmonitor | End Time: 00:01:44, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x718 |
| Parent PID | 0xa8c (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C10
0x
858
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000007c0000 | 0x007c0000 | 0x007dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000007c0000 | 0x007c0000 | 0x007cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d3fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e1fff | Private Memory | rw |
|
|
|
- |
| takeown.exe.mui | 0x007e0000 | 0x007e4fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x00803fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000810000 | 0x00810000 | 0x0084ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000850000 | 0x00850000 | 0x0088ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000890000 | 0x00890000 | 0x00893fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x008c0000 | 0x0097dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000980000 | 0x00980000 | 0x009bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000009e0000 | 0x009e0000 | 0x009effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000009f0000 | 0x009f0000 | 0x00a2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00bcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d60000 | 0x00d60000 | 0x00ee7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ef0000 | 0x00ef0000 | 0x01070fff | Pagefile Backed Memory | r |
|
|
|
- |
| takeown.exe | 0x012c0000 | 0x012cffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x00000000012d0000 | 0x012d0000 | 0x052cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00000000052d0000 | 0x052d0000 | 0x066cffff | Pagefile Backed Memory | r |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x74520000 | 0x74527fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f630000 | 0x7f630000 | 0x7f72ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f730000 | 0x7f730000 | 0x7f752fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f758000 | 0x7f758000 | 0x7f75afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f75b000 | 0x7f75b000 | 0x7f75dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f75e000 | 0x7f75e000 | 0x7f75efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f75f000 | 0x7f75f000 | 0x7f75ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Process #10: t1.exe
0
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\users\ciihmnxmn6ps\desktop\t1.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:07, Reason: Autostart |
| Unmonitor | End Time: 00:03:07, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x90c |
| Parent PID | 0x674 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
910
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| t1.exe | 0x00110000 | 0x0011bfff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000120000 | 0x00120000 | 0x0013ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x00141fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00163fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x002b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| ntdll.dll | 0x77110000 | 0x77288fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00000000ff340000 | 0xff340000 | 0xff362fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000ff364000 | 0xff364000 | 0xff364fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff36c000 | 0xff36c000 | 0xff36efff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff36f000 | 0xff36f000 | 0xff36ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fffe0000 | 0xfffe0000 | 0x7ff8f68affff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8f68b0000 | 0x7ff8f6a71fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8f6a72000 | 0x7ff8f6a72000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Process #11: t1.exe
0
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\users\ciihmnxmn6ps\desktop\t1.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe" |
| Initial Working Directory | C:\Windows\SysWOW64\ |
| Monitor | Start Time: 00:03:07, Reason: Autostart |
| Unmonitor | End Time: 00:03:07, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2d4 |
| Parent PID | 0xbf4 (c:\windows\syswow64\runonce.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
550
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| t1.exe | 0x00600000 | 0x0060bfff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000610000 | 0x00610000 | 0x0062ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000630000 | 0x00630000 | 0x00631fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000640000 | 0x00640000 | 0x00653fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000660000 | 0x00660000 | 0x0069ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006a0000 | 0x006a0000 | 0x0079ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000007a0000 | 0x007a0000 | 0x007a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| ntdll.dll | 0x77110000 | 0x77288fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00000000fedd0000 | 0xfedd0000 | 0xfedf2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000fedf9000 | 0xfedf9000 | 0xfedfbfff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fedfc000 | 0xfedfc000 | 0xfedfcfff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fedfe000 | 0xfedfe000 | 0xfedfefff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fffe0000 | 0xfffe0000 | 0x7ff8f68affff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8f68b0000 | 0x7ff8f6a71fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8f6a72000 | 0x7ff8f6a72000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Process #12: t1.exe
13348
311
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\users\ciihmnxmn6ps\desktop\t1.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe" |
| Initial Working Directory | C:\Windows\SysWOW64\ |
| Monitor | Start Time: 00:03:09, Reason: Autostart |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:35 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x844 |
| Parent PID | 0xbf4 (c:\windows\syswow64\runonce.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AEC
0x
AE0
0x
774
0x
A54
0x
9FC
0x
A04
0x
ADC
0x
A18
0x
AC8
0x
AA8
0x
AB8
0x
2E8
0x
460
0x
2F0
0x
5E0
0x
540
0x
490
0x
564
0x
560
0x
A68
0x
54C
0x
AF8
0x
154
0x
B24
0x
B08
0x
BC8
0x
540
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| t1.exe | 0x00f10000 | 0x00f1bfff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000f20000 | 0x00f20000 | 0x00f3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000f20000 | 0x00f20000 | 0x00f2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f33fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000f50000 | 0x00f50000 | 0x00f63fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000f70000 | 0x00f70000 | 0x00faffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x010affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000010b0000 | 0x010b0000 | 0x010b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x010e0000 | 0x0119dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000011a0000 | 0x011a0000 | 0x011dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000001200000 | 0x01200000 | 0x0120ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001210000 | 0x01210000 | 0x0121ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001220000 | 0x01220000 | 0x0122ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001230000 | 0x01230000 | 0x0123ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001240000 | 0x01240000 | 0x0124ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001250000 | 0x01250000 | 0x0125ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001260000 | 0x01260000 | 0x0126ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001290000 | 0x01290000 | 0x012cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000012d0000 | 0x012d0000 | 0x012dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000012e0000 | 0x012e0000 | 0x012effff | Private Memory | - |
|
|
|
- |
| private_0x00000000012f0000 | 0x012f0000 | 0x012fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001300000 | 0x01300000 | 0x013fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001400000 | 0x01400000 | 0x014fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001500000 | 0x01500000 | 0x0152ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001530000 | 0x01530000 | 0x0153ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001540000 | 0x01540000 | 0x015dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000015e0000 | 0x015e0000 | 0x015effff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000015f0000 | 0x015f0000 | 0x0162ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001630000 | 0x01630000 | 0x0163ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001640000 | 0x01640000 | 0x0164ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001650000 | 0x01650000 | 0x0165ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001660000 | 0x01660000 | 0x0166ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001670000 | 0x01670000 | 0x0167ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001680000 | 0x01680000 | 0x0168ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001690000 | 0x01690000 | 0x01817fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001820000 | 0x01820000 | 0x019a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000019b0000 | 0x019b0000 | 0x02daffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002db0000 | 0x02db0000 | 0x02eaffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002eb0000 | 0x02eb0000 | 0x04eaffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004eb0000 | 0x04eb0000 | 0x04faffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x04fb0000 | 0x052e6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000052f0000 | 0x052f0000 | 0x0549ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000052f0000 | 0x052f0000 | 0x052fffff | Private Memory | - |
|
|
|
- |
| comctl32.dll | 0x05300000 | 0x0538efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005300000 | 0x05300000 | 0x0536ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005300000 | 0x05300000 | 0x05300fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005300000 | 0x05300000 | 0x05303fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000005310000 | 0x05310000 | 0x05313fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005320000 | 0x05320000 | 0x0532ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005330000 | 0x05330000 | 0x0533ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005340000 | 0x05340000 | 0x0534ffff | Private Memory | rw |
|
|
|
- |
| accessibility.dll | 0x05340000 | 0x05349fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000005350000 | 0x05350000 | 0x0535ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005360000 | 0x05360000 | 0x0536ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005370000 | 0x05370000 | 0x05371fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000005380000 | 0x05380000 | 0x0538ffff | Private Memory | - |
|
|
|
- |
| microsoft.visualbasic.dll | 0x05390000 | 0x0542bfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000005430000 | 0x05430000 | 0x0546ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005470000 | 0x05470000 | 0x0547ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000005480000 | 0x05480000 | 0x05483fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005490000 | 0x05490000 | 0x0549ffff | Private Memory | rw |
|
|
|
- |
| system.drawing.dll | 0x054a0000 | 0x0552ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000005530000 | 0x05530000 | 0x055e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| system.runtime.remoting.dll | 0x055f0000 | 0x05643fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000005650000 | 0x05650000 | 0x05653fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005660000 | 0x05660000 | 0x0566ffff | Private Memory | - |
|
|
|
- |
| windowsshell.manifest | 0x05670000 | 0x05670fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005670000 | 0x05670000 | 0x0567ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005670000 | 0x05670000 | 0x05670fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005680000 | 0x05680000 | 0x05681fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000005690000 | 0x05690000 | 0x0569ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005690000 | 0x05690000 | 0x05690fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000056a0000 | 0x056a0000 | 0x056affff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000056b0000 | 0x056b0000 | 0x057fffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000056b0000 | 0x056b0000 | 0x057affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000057b0000 | 0x057b0000 | 0x057bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000057f0000 | 0x057f0000 | 0x057fffff | Private Memory | rw |
|
|
|
- |
| ~fontcache-system.dat | 0x05800000 | 0x05875fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005880000 | 0x05880000 | 0x058fffff | Private Memory | rw |
|
|
|
- |
| system.windows.forms.dll | 0x05940000 | 0x05dd7fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000005de0000 | 0x05de0000 | 0x0635efff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006360000 | 0x06360000 | 0x0645ffff | Private Memory | rw |
|
|
|
- |
| ~fontcache-fontface.dat | 0x06460000 | 0x0745ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000007460000 | 0x07460000 | 0x0755ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000007560000 | 0x07560000 | 0x07a51fff | Pagefile Backed Memory | rw |
|
|
|
- |
| comctl32.dll | 0x07a60000 | 0x07c64fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000007a60000 | 0x07a60000 | 0x07f3dfff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000007a60000 | 0x07a60000 | 0x07b5ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x07f40000 | 0x08f7ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000008f80000 | 0x08f80000 | 0x09471fff | Pagefile Backed Memory | rw |
|
|
|
- |
| wow64win.dll | 0x61770000 | 0x617e2fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x617f0000 | 0x6183efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x61840000 | 0x61847fff | Memory Mapped File | rwx |
|
|
|
- |
| dwrite.dll | 0x70fe0000 | 0x711cffff | Memory Mapped File | rwx |
|
|
|
- |
| gdiplus.dll | 0x711d0000 | 0x7133afff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x71340000 | 0x7135cfff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x71360000 | 0x713f1fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x71400000 | 0x71dacfff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x71db0000 | 0x71e2cfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x71e30000 | 0x7305afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x73060000 | 0x73154fff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x73160000 | 0x73807fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x73810000 | 0x73817fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x73820000 | 0x73897fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x738a0000 | 0x738f8fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x73f20000 | 0x73f94fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x73fa0000 | 0x741a8fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x741b0000 | 0x74208fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74210000 | 0x74219fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74220000 | 0x7423dfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x742a0000 | 0x74459fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x74460000 | 0x74549fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75ca0000 | 0x75ccafff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761f2fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x76390000 | 0x764dcfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76510000 | 0x7658afff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x766b0000 | 0x7675bfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x767c0000 | 0x768dffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x768e0000 | 0x7699dfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x769a0000 | 0x769e3fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x769f0000 | 0x76b2ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76b30000 | 0x76ca5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x76cb0000 | 0x76cbbfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76cc0000 | 0x76d51fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x76df0000 | 0x76edffff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77110000 | 0x77288fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffff | Private Memory | - |
|
|
|
- |
| private_0x0000000080000000 | 0x80000000 | 0x8000ffff | Private Memory | - |
|
|
|
- |
| private_0x00000000ff110000 | 0xff110000 | 0xff11ffff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000ff120000 | 0xff120000 | 0xff16ffff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000ff17a000 | 0xff17a000 | 0xff17cfff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff17d000 | 0xff17d000 | 0xff17ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000ff180000 | 0xff180000 | 0xff27ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000ff280000 | 0xff280000 | 0xff2a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000ff2a5000 | 0xff2a5000 | 0xff2a7fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff2a8000 | 0xff2a8000 | 0xff2aafff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff2ab000 | 0xff2ab000 | 0xff2adfff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff2ae000 | 0xff2ae000 | 0xff2aefff | Private Memory | rw |
|
|
|
- |
| private_0x00000000ff2af000 | 0xff2af000 | 0xff2affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000fffe0000 | 0xfffe0000 | 0x7ff8f68affff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8f68b0000 | 0x7ff8f6a71fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8f6a72000 | 0x7ff8f6a72000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 165 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll | 752.50 KB |
MD5:
2db307acd7ef6fb1733405a6a4ff5d22
SHA1: a2fd5a1d4e586c8856516a2f0219479e24334b4d SHA256: 4906ddd5a0a2948a9e4108c5f57d23c79ecb1b4b5d6050116b943da2e5ba1d0d SSDeep: 12288:IJSxVb4iyG3AX2DfZNGBahs4uT3qL7Fz38TQ7L+Bjbbnioe8lDobbbGUp2MNky:IJMyG3Amfc4S27J388fQjX13l0bbbJ |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll | 752.50 KB |
MD5:
2db307acd7ef6fb1733405a6a4ff5d22
SHA1: a2fd5a1d4e586c8856516a2f0219479e24334b4d SHA256: 4906ddd5a0a2948a9e4108c5f57d23c79ecb1b4b5d6050116b943da2e5ba1d0d SSDeep: 12288:IJSxVb4iyG3AX2DfZNGBahs4uT3qL7Fz38TQ7L+Bjbbnioe8lDobbbGUp2MNky:IJMyG3Amfc4S27J388fQjX13l0bbbJ |
|
|
Host Behavior
COM (6)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WbemDefaultPathParser | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
3 | |
| Create | WBEMLocator | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\.\root\cimv2 |
|
1 |
File (6000)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\screen.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\don.bmp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\ncstatements.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\ncstatements.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\ncstatements.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\ncstatements.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\0iZpa3zd4g8L.mkv.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\15xo6kifu pmSmCyy-0r.m4a.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1HGO.pps.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1XHufR-DxIGxuK V.gif.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\5N0mP.mp3.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6jKSrZJ88Nt.wav.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7h3QF4wV.mkv.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aF5hPNlB271.ppt.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\BWs 3bhQ1.avi.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cjaeW XgxzGyM50.doc.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\EPWxIuv.wav.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\E_YYe_Gq1htVp.m4a.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\FDO8HMeSGmQJ.mp3.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\FDO8HMeSGmQJ.mp3.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\fXiuXdEX.mp4.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\fXiuXdEX.mp4.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\G5MbiMZSXdsj9RRuy4.m4a.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\G5MbiMZSXdsj9RRuy4.m4a.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gG5PhGomRyRPP.bmp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gG5PhGomRyRPP.bmp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gwX91CRt0Sj.mp3.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gwX91CRt0Sj.mp3.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gW_ 0mkl9Fl_moi.png.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gW_ 0mkl9Fl_moi.png.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2FEIh7b7C.bmp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2FEIh7b7C.bmp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hGiFShE.mp3.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hGiFShE.mp3.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iQKMvUzGPjtGBd0lRgyy.bmp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iQKMvUzGPjtGBd0lRgyy.bmp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Jj961q86p5_E.mp3.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Jj961q86p5_E.mp3.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kPvJOo_e0v2YY.bmp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kPvJOo_e0v2YY.bmp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lbYChRg-xAiK-KFgsEDW.gif.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\lbYChRg-xAiK-KFgsEDW.gif.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LqkxAaKe.gif.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\LqkxAaKe.gif.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Na7yBkRxW5gqqSM.gif.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Na7yBkRxW5gqqSM.gif.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PiQQ2Af9SozQW.bmp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\PiQQ2Af9SozQW.bmp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pVHPwtaaDNFAoC4M.wav.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pVHPwtaaDNFAoC4M.wav.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q0Lfg4X0PkE9ZS3se1w.wav.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\q0Lfg4X0PkE9ZS3se1w.wav.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TiTXeHNWNY.flv.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TiTXeHNWNY.flv.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TP9I5YPYS.bmp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\TP9I5YPYS.bmp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vRIJHQaZ.mp3.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vRIJHQaZ.mp3.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZMyqqk.avi.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ZMyqqk.avi.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zPlwGU07 kcnw.pps.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\zPlwGU07 kcnw.pps.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Database1.LNK.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Database1.LNK.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Global.LNK.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Global.LNK.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\-ETZ0.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\-ETZ0.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\-yuLo8Xz54U7i9L0KEO.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\-yuLo8Xz54U7i9L0KEO.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\0iZpa3zd4g8L.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\0iZpa3zd4g8L.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\0Nrb.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\0Nrb.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1-_Zm94tvZosY8j.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1-_Zm94tvZosY8j.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1HGO.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1HGO.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1Nqst9Pv9H0NqTWMz.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1Nqst9Pv9H0NqTWMz.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1XHufR-DxIGxuK V.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\1XHufR-DxIGxuK V.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2AAH.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2AAH.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2lQa.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2lQa.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2VBt.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\2VBt.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\3uC5lPg2.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\3uC5lPg2.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\3UgPVdPfYZjjrZ.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\3UgPVdPfYZjjrZ.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4BeVEPykueyWk.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4BeVEPykueyWk.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4oY1.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4oY1.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4ZpwZlP.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\4ZpwZlP.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5asscy.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5asscy.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5euoT.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5euoT.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5Mw2r9UNadjcKS 5kI.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5Mw2r9UNadjcKS 5kI.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5N0mP.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\5N0mP.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\64lRu.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\64lRu.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6boiF3wfD.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6boiF3wfD.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6EkNNw1.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6EkNNw1.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6jKSrZJ88Nt.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\6jKSrZJ88Nt.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\7h3QF4wV.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\7h3QF4wV.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\7kRyLLh8Fecfz.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\7kRyLLh8Fecfz.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8KYx2CszEFgmwAnMdWQ.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8KYx2CszEFgmwAnMdWQ.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8Nc3tSj.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8Nc3tSj.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8O3xInjFG-.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\8O3xInjFG-.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\96N_Ex4DfD4NUl.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\96N_Ex4DfD4NUl.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\a632tVWij.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\a632tVWij.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aGAV 4MO.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aGAV 4MO.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Ajaa.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Ajaa.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AnAfGx.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AnAfGx.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aNP6 q0g4QCqKdj_BlK.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aNP6 q0g4QCqKdj_BlK.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ap2 wE6qqrqV.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ap2 wE6qqrqV.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aslyDbn3T.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\aslyDbn3T.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AYoHC-JwkrpFhY.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AYoHC-JwkrpFhY.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Bbu-W_Sogh6ms J.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Bbu-W_Sogh6ms J.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\bhLW0klTEyT.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\bhLW0klTEyT.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BuSDZubvOoJLQqb6kp.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BuSDZubvOoJLQqb6kp.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BVafMs.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BVafMs.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BWs 3bhQ1.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\BWs 3bhQ1.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\C 7StU PmrF W5.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\C 7StU PmrF W5.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CaYFhx2S_sx0I.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CaYFhx2S_sx0I.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cBictnZUzxJqTjU0By.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cBictnZUzxJqTjU0By.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cOVJQbE5KC.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cOVJQbE5KC.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CRmvkbrUU.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CRmvkbrUU.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\csSjj1NyoP Y.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\csSjj1NyoP Y.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cVWb4ijjzB6XY54q-.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cVWb4ijjzB6XY54q-.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cZ9NNansodbagz2y.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\cZ9NNansodbagz2y.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\d UHIyZMKWtXxZo4.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\d UHIyZMKWtXxZo4.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\DlKGWjPL.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\DlKGWjPL.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\DQbHeP4EQMchn5K4Y.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\DQbHeP4EQMchn5K4Y.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\dTYc26jTROQFY8L9.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\dTYc26jTROQFY8L9.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\eVLxxpIB4LEo2.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\eVLxxpIB4LEo2.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\FQY MiRxNH.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\FQY MiRxNH.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\fXiuXdEX.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\fXiuXdEX.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\fX_6RGO9x6eah.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\fX_6RGO9x6eah.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\g 5mKHLgSTRsHOoqKX.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\g 5mKHLgSTRsHOoqKX.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\g8__lQYJHvLKkA.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\g8__lQYJHvLKkA.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GIQa1rxE.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GIQa1rxE.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GVP8Q i8h5z.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GVP8Q i8h5z.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GwjnHz0szYzIRd g9sf.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\GwjnHz0szYzIRd g9sf.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\gW_ 0mkl9Fl_moi.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\gW_ 0mkl9Fl_moi.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\h2FEIh7b7C.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\h2FEIh7b7C.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\hGiFShE.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\hGiFShE.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Hp7R2t_MgqX-MHjZrFQZ.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Hp7R2t_MgqX-MHjZrFQZ.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\hWgJewIS.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\hWgJewIS.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\i3fyVPekcQKVJV8_b.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\i3fyVPekcQKVJV8_b.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Igp6Jr9yJli.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Igp6Jr9yJli.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\igV00fF_ThP CVjl.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\igV00fF_ThP CVjl.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iPb_8u5S.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iPb_8u5S.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iT4co4GLTCD_tAT.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iT4co4GLTCD_tAT.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iVNbo.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\iVNbo.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JacMcxHcE7vksb.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JacMcxHcE7vksb.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jGHwu0SUV-gXfkT.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jGHwu0SUV-gXfkT.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JhYilt85gm5KSggeHJ7.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JhYilt85gm5KSggeHJ7.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Jj961q86p5_E.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Jj961q86p5_E.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JNaf9bh.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JNaf9bh.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jQdhJt.flv.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jQdhJt.flv.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jXcxQJvmWSH.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\jXcxQJvmWSH.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JZtqv-Ht8d.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\JZtqv-Ht8d.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\k09yi.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\k09yi.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\k4W3FgSBO.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\k4W3FgSBO.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KabYmsyxFc.ots.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KabYmsyxFc.ots.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KhzVlj3zvSya_QSP.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KhzVlj3zvSya_QSP.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KnLEp.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\KnLEp.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\kWBSa.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\kWBSa.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lNI60Joqk.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lNI60Joqk.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\LqkxAaKe.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\LqkxAaKe.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lun6 cAVxh5v_gf.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lun6 cAVxh5v_gf.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lvau9ezjm-IJ83H.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lvau9ezjm-IJ83H.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lWsFNEOIL0dt.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\lWsFNEOIL0dt.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\M233lhenzlI1qOh7S.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\M233lhenzlI1qOh7S.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\MAdMS4nj6lKxPVU3Qq.flv.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\MAdMS4nj6lKxPVU3Qq.flv.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\mi_wLOzh1KYdT.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\mi_wLOzh1KYdT.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Music.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Music.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Na7yBkRxW5gqqSM.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Na7yBkRxW5gqqSM.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\nH86K6.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\nH86K6.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\nuY4Hm8K.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\nuY4Hm8K.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\oGW5RfGE.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\oGW5RfGE.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\oPsjoFF_yjtgH.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\oPsjoFF_yjtgH.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\OY2e9ZpvYz9WHskNo.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\OY2e9ZpvYz9WHskNo.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\pAW2h0x3EVM3a.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\pAW2h0x3EVM3a.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Pictures.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Pictures.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PiQQ2Af9SozQW.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PiQQ2Af9SozQW.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PITEDAvXaKBnRk0o0Rq.flv.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PITEDAvXaKBnRk0o0Rq.flv.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PoJLcr-.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\PoJLcr-.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\pVHPwtaaDNFAoC4M.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\pVHPwtaaDNFAoC4M.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Q L_eRjm0p660.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Q L_eRjm0p660.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\q0Lfg4X0PkE9ZS3se1w.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\q0Lfg4X0PkE9ZS3se1w.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Qb6Lbi3WGNkGm5Fsb.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Qb6Lbi3WGNkGm5Fsb.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\qbqMc7tqk0OHjo.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\qbqMc7tqk0OHjo.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\qTCI3UPJCaElwZ_kQFs.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\qTCI3UPJCaElwZ_kQFs.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Q_es8BFAzUXGF.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Q_es8BFAzUXGF.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\RIx2rmbVwqoW8.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\RIx2rmbVwqoW8.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Roaming.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Roaming.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\S4LV8G9lLMuVvhD_.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\S4LV8G9lLMuVvhD_.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\SIFDsK.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\SIFDsK.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\stJWiNDshLbYz6A9e0.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\stJWiNDshLbYz6A9e0.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\T gX8S1T5U1t 9tD.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\T gX8S1T5U1t 9tD.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TA-U1akG-mw78dYQNm.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TA-U1akG-mw78dYQNm.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TfjqF8FdQ404OO.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TfjqF8FdQ404OO.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\tHoIqZLKj.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\tHoIqZLKj.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TP9I5YPYS.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TP9I5YPYS.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TV3NN Qo4 w.ots.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\TV3NN Qo4 w.ots.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Tw_5ny7FyIp.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Tw_5ny7FyIp.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\uN4nA4DRfP80JeW.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\uN4nA4DRfP80JeW.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\upps V-.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\upps V-.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\v61SZlNC.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\v61SZlNC.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Videos.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Videos.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\vRIJHQaZ.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\vRIJHQaZ.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\vS-mM6Yaz.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\vS-mM6Yaz.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\w2eHCyHwy.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\w2eHCyHwy.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\W3Uw1oRrwQb.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\W3Uw1oRrwQb.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\WeiIllxySwU.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\WeiIllxySwU.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\xSsaFQ.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\xSsaFQ.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\XyWL728 6b.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\XyWL728 6b.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\xZ9DxfsKHn.flv.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\xZ9DxfsKHn.flv.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\y0sUcd8oq2UUq_m1.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\y0sUcd8oq2UUq_m1.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\yn-egCRnTLsz.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\yn-egCRnTLsz.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ypIjGMI49qBzsbmxtX.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ypIjGMI49qBzsbmxtX.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\z01dg_PvySCMBo21f.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\z01dg_PvySCMBo21f.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Z36qw0cQIhLjR.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Z36qw0cQIhLjR.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Z9V-uLii6iQFFW.flv.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Z9V-uLii6iQFFW.flv.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ZMyqqk.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ZMyqqk.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\zPlwGU07 kcnw.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\zPlwGU07 kcnw.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Zs9yv3z4sFjAieyNtlT (2).lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Zs9yv3z4sFjAieyNtlT (2).lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Zs9yv3z4sFjAieyNtlT.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\Zs9yv3z4sFjAieyNtlT.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ZWhDza.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\ZWhDza.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\_vJflW.flv.lnk.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\_vJflW.flv.lnk.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1bc9bbbe61f14501.automaticDestinations-ms.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1bc9bbbe61f14501.automaticDestinations-ms.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\319f01bf9fe00f2d.automaticDestinations-ms.happy | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\319f01bf9fe00f2d.automaticDestinations-ms.happy | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\61ebb1e65cfcb8da.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\61ebb1e65cfcb8da.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\6d2bac8f1edf6668.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\6d2bac8f1edf6668.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\75668a91ce73b054.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\75668a91ce73b054.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\969252ce11249fdd.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\969252ce11249fdd.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9cfafb05ce914942.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9cfafb05ce914942.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\b8ab77100df80ab2.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\b8ab77100df80ab2.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\d00655d2aa12ff6d.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\d00655d2aa12ff6d.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\eb282ead62b4db87.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\eb282ead62b4db87.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\fb3b0dbfee58fac8.automaticDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\fb3b0dbfee58fac8.automaticDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7e4dca80246863e3.customDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7e4dca80246863e3.customDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\969252ce11249fdd.customDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\969252ce11249fdd.customDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f01b4d95cf55d32a.customDestinations-ms | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f01b4d95cf55d32a.customDestinations-ms | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk.happy | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite.happy | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | size = 524288, size_out = 524288 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | size = 196608, size_out = 196608 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db | size = 16384, size_out = 16384 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite | size = 10485760, size_out = 10485760 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\ncstatements.exe | size = 75280 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\ncstatements.exe | size = 75296 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | size = 16656 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.happy | size = 16656 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm | size = 16672 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.happy | size = 16688 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll.happy | size = 186864 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll.happy | size = 324112 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll.happy | size = 166928 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe.happy | size = 288272 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll.happy | size = 954384 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll.happy | size = 79056 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll.happy | size = 23970832 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.happy | size = 2227728 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe.happy | size = 29200 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll.happy | size = 14712848 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe.happy | size = 45072 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe.happy | size = 138768 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll.happy | size = 116752 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.happy | size = 1840 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.happy | size = 886800 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.happy | size = 516624 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll.happy | size = 284272 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll.happy | size = 284288 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll.happy | size = 306800 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll.happy | size = 5135888 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.happy | size = 1744 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.happy | size = 272080 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll.happy | size = 1141872 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe.happy | size = 86720 |
|
2 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll.happy | size = 199184 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll.happy | size = 625168 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll.happy | size = 119312 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.happy | size = 158224 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.happy | size = 217632 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll | size = 217632 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.happy | size = 217648 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll.happy | size = 404512 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll.happy | size = 379936 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | size = 186864 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.happy | size = 504352 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | size = 186880 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.happy | size = 186864 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.happy | size = 3611344 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.happy | size = 186864 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll.happy | size = 2927632 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.happy | size = 218656 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.happy | size = 2960 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll.happy | size = 131088 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll.happy | size = 131104 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.happy | size = 86128 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.happy | size = 662208 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll.happy | size = 881344 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll.happy | size = 96960 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll.happy | size = 401520 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.happy | size = 353904 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.happy | size = 353904 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.happy | size = 762560 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll | size = 97472 |
|
2 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll.happy | size = 97472 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.happy | size = 468224 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.happy | size = 468224 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.happy | size = 1478336 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer.happy | size = 448 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe.happy | size = 53872 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.happy | size = 1478336 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll.happy | size = 1591920 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll.happy | size = 1591920 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.happy | size = 587968 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.happy | size = 1120 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.happy | size = 587984 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll.happy | size = 323200 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll.happy | size = 17088 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll.happy | size = 17104 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.happy | size = 77520 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp.happy | size = 320 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp.happy | size = 720 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe.happy | size = 116944 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.happy | size = 400 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.happy | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp.happy | size = 432 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp.happy | size = 3744 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp.happy | size = 400 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp.happy | size = 400 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp.happy | size = 464 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp.happy | size = 432 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp.happy | size = 432 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp.happy | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp.happy | size = 432 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp.happy | size = 432 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp.happy | size = 2704 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp.happy | size = 384 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp.happy | size = 368 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp.happy | size = 608 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp.happy | size = 432 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp.happy | size = 464 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp.happy | size = 464 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp.happy | size = 480 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp.happy | size = 592 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp.happy | size = 432 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp.happy | size = 416 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp.happy | size = 320 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak.happy | size = 32 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak.happy | size = 32 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak.happy | size = 32 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak.happy | size = 32 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll.happy | size = 439312 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll.happy | size = 439312 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.happy | size = 27056 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll.happy | size = 2106240 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll.happy | size = 3747536 |
|
2 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll.happy | size = 10177040 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.happy | size = 32 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll.happy | size = 10177040 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll | size = 72940032 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libEGL.dll | size = 87648 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libGLESv2.dll | size = 2926176 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt | size = 1696 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\natives_blob.bin | size = 16 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | size = 12580864 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | size = 20085248 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\snapshot_blob.bin | size = 16 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\en-US.pak | size = 16 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\widevinecdmadapter.dll | size = 221696 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll | size = 241152 |
|
2 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\manifest.json | size = 272 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | size = 144896 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf | size = 82080 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf | size = 80656 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.dll | size = 241152 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin | size = 3589376 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\license.html | size = 43280 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\eula.ini | size = 1056 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api | size = 507504 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\stopwords.ENU | size = 8720 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api | size = 13307504 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annots.api | size = 7453808 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api | size = 812144 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api | size = 812144 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DigSig.api | size = 1334896 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DropboxStorage.api | size = 193648 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DVA.api | size = 128112 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\eBook.api | size = 45680 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\EScript.api | size = 2621552 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\IA32.api | size = 109168 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\MakeAccessible.api | size = 2554480 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia.api | size = 1544304 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PDDom.api | size = 431728 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PDDom.api | size = 431728 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PPKLite.api | size = 7265392 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api | size = 108144 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\reflow.api | size = 344688 |
|
2 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SaveAsRTF.api | size = 435824 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Search.api | size = 431216 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SendMail.api | size = 1906288 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Spelling.api | size = 304240 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\StorageConnectors.api | size = 317040 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Updater.api | size = 147568 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\weblink.api | size = 301680 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\adobepdf.xdc | size = 46112 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp | size = 90640 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp | size = 499728 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\QRCode.pmp | size = 61968 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf | size = 112512 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf | size = 40736 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf | size = 57232 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf | size = 108768 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp | size = 119312 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp | size = 96272 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp | size = 218128 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp | size = 273936 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | size = 104960 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | size = 243712 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\3difr.x3d | size = 246784 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d | size = 802816 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\2d.x3d | size = 677376 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvSOFT.x3d | size = 180736 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvSOFT.x3d | size = 180736 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prcr.x3d | size = 2373632 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\tesselate.x3d | size = 24064 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prcr.x3d | size = 2373632 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\MyriadCAD.otf | size = 78288 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\add_reviewer.gif | size = 1344 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\br.gif | size = 96 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\create_form.gif | size = 1200 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\distribute_form.gif | size = 832 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\bl.gif | size = 96 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_initiator.gif | size = 1376 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\ended_review_or_form.gif | size = 816 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\end_review.gif | size = 912 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif | size = 624 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_all.gif | size = 1456 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_received.gif | size = 624 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\form_responses.gif | size = 976 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\info.gif | size = 592 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\main.css | size = 11936 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_super.gif | size = 560 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\pdf.gif | size = 496 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviewers.gif | size = 1456 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_joined.gif | size = 928 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_sent.gif | size = 912 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\open_original_form.gif | size = 816 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_super.gif | size = 816 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_browser.gif | size = 1152 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_same_reviewers.gif | size = 976 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_shared.gif | size = 1376 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\rss.gif | size = 224 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_issue.gif | size = 592 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_email.gif | size = 1408 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_lg.gif | size = 1264 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_ok.gif | size = 240 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\stop_collection_data.gif | size = 928 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\submission_history.gif | size = 912 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tl.gif | size = 96 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tl.gif | size = 112 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tr.gif | size = 96 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\trash.gif | size = 1168 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInTray.gif | size = 1008 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOnNotificationInAcrobat.gif | size = 832 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOnNotificationInTray.gif | size = 1008 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\warning.gif | size = 384 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInAcrobat.gif | size = 832 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\DarkTheme.acrotheme | size = 6864 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\LightTheme.acrotheme | size = 6928 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\base_uris.js | size = 3936 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\init.js | size = 7632 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\index.html | size = 3376 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\variant.js | size = 272 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\plugins.js | size = 17296 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-mac.css | size = 2544 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\version.js | size = 1376 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-ui-theme.css | size = 2528 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-win.css | size = 9792 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-win8.css | size = 8560 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef.css | size = 52000 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-high-contrast.css | size = 140576 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner.gif | size = 6800 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner_2x.gif | size = 15152 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner_int.gif | size = 6720 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner_int_2x.gif | size = 16448 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main.css | size = 167712 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adc_logo.png | size = 3712 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner_mini.gif | size = 304 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner.gif | size = 560 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-144x144-precomposed.png | size = 9056 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-114x114-precomposed.png | size = 4784 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-72x72-precomposed.png | size = 3728 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ccloud.png | size = 2128 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-57x57-precomposed.png | size = 2768 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\close_x.png | size = 320 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ccloud_retina.png | size = 12688 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons.png | size = 29600 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons_retina.png | size = 66736 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\favicon.ico | size = 8352 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\dd_arrow_small.png | size = 1104 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations.png | size = 4496 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations_retina.png | size = 10400 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\japanese_over.png | size = 576 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ind_prog.gif | size = 19856 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil.png | size = 2032 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil_2x.png | size = 4336 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\logo_retina.png | size = 6960 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress-indeterminate.gif | size = 1136 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner.gif | size = 14640 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner2x.gif | size = 37504 |
|
1 | |
| Write | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner_dark.gif | size = 10816 |
|
1 | |
|
For performance reasons, the remaining 3300 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (157)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.SecurityProtocol | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\T1\T1\1.0.0.0 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
7 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2007, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = Client, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | value_name = HWRPortReuseOnSocketBind, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | value_name = SchUseStrongCrypto, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | value_name = DisableTaskMgr, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | value_name = DisableRegistryTools, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings | value_name = Enabled, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework | value_name = LegacyWPADSupport, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
7 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
5 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
3 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
3 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
3 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
6 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = 0, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | value_name = DisableTaskMgr, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system | value_name = DisableRegistryTools, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings | value_name = Enabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
7 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
5 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
3 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
3 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
3 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
2 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
6 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
2 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Cortana, data = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 74, type = REG_SZ |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | wmic.exe | show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe | show_window = SW_HIDE |
|
1 |
Module (97)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | comctl32.dll | base_address = 0x71360000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x73fa0000 |
|
1 | |
| Load | C:\Windows\Microsoft.NET\Framework\v4.0.30319\\wminet_utils.dll | base_address = 0x6fd70000 |
|
1 | |
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0x7bc0001 |
|
3 | |
| Load | bcrypt | base_address = 0x73d90000 |
|
1 | |
| Get Handle | comctl32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x769f0000 |
|
1 | |
| Get Handle | c:\users\ciihmnxmn6ps\desktop\t1.exe | base_address = 0xf10000 |
|
12 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\comctl32.dll | base_address = 0x71360000 |
|
20 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\comctl32.dll | base_address = 0x73fa0000 |
|
3 | |
| Get Filename | c:\users\ciihmnxmn6ps\desktop\t1.exe | process_name = c:\users\ciihmnxmn6ps\desktop\t1.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\T1.exe, size = 2048 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x7718caa0 |
|
1 | |
| Get Address | Unknown module name | function = ResetSecurity, address_out = 0x6fd724de |
|
1 | |
| Get Address | Unknown module name | function = SetSecurity, address_out = 0x6fd72520 |
|
1 | |
| Get Address | Unknown module name | function = BlessIWbemServices, address_out = 0x6fd71c69 |
|
1 | |
| Get Address | Unknown module name | function = BlessIWbemServicesObject, address_out = 0x6fd71cbb |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyHandle, address_out = 0x6fd721b4 |
|
1 | |
| Get Address | Unknown module name | function = WritePropertyValue, address_out = 0x6fd72617 |
|
1 | |
| Get Address | Unknown module name | function = Clone, address_out = 0x6fd71d0d |
|
2 | |
| Get Address | Unknown module name | function = VerifyClientKey, address_out = 0x6fd725b4 |
|
1 | |
| Get Address | Unknown module name | function = GetQualifierSet, address_out = 0x6fd72215 |
|
1 | |
| Get Address | Unknown module name | function = Get, address_out = 0x6fd720d4 |
|
1 | |
| Get Address | Unknown module name | function = Put, address_out = 0x6fd722be |
|
1 | |
| Get Address | Unknown module name | function = Delete, address_out = 0x6fd71f31 |
|
1 | |
| Get Address | Unknown module name | function = GetNames, address_out = 0x6fd72182 |
|
1 | |
| Get Address | Unknown module name | function = BeginEnumeration, address_out = 0x6fd71c43 |
|
1 | |
| Get Address | Unknown module name | function = Next, address_out = 0x6fd72283 |
|
1 | |
| Get Address | Unknown module name | function = EndEnumeration, address_out = 0x6fd71fc2 |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyQualifierSet, address_out = 0x6fd721ff |
|
1 | |
| Get Address | Unknown module name | function = GetObjectText, address_out = 0x6fd7219e |
|
1 | |
| Get Address | Unknown module name | function = SpawnDerivedClass, address_out = 0x6fd72566 |
|
1 | |
| Get Address | Unknown module name | function = SpawnInstance, address_out = 0x6fd7257c |
|
1 | |
| Get Address | Unknown module name | function = CompareTo, address_out = 0x6fd71d8d |
|
1 | |
| Get Address | Unknown module name | function = GetPropertyOrigin, address_out = 0x6fd721e9 |
|
1 | |
| Get Address | Unknown module name | function = InheritsFrom, address_out = 0x6fd72228 |
|
1 | |
| Get Address | Unknown module name | function = GetMethod, address_out = 0x6fd7213a |
|
1 | |
| Get Address | Unknown module name | function = PutMethod, address_out = 0x6fd723da |
|
1 | |
| Get Address | Unknown module name | function = DeleteMethod, address_out = 0x6fd71f44 |
|
1 | |
| Get Address | Unknown module name | function = BeginMethodEnumeration, address_out = 0x6fd71c56 |
|
1 | |
| Get Address | Unknown module name | function = NextMethod, address_out = 0x6fd722a2 |
|
1 | |
| Get Address | Unknown module name | function = EndMethodEnumeration, address_out = 0x6fd71fd2 |
|
1 | |
| Get Address | Unknown module name | function = GetMethodQualifierSet, address_out = 0x6fd7216c |
|
1 | |
| Get Address | Unknown module name | function = GetMethodOrigin, address_out = 0x6fd72156 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Get, address_out = 0x6fd7242c |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Put, address_out = 0x6fd7247a |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Delete, address_out = 0x6fd72409 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_GetNames, address_out = 0x6fd72448 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_BeginEnumeration, address_out = 0x6fd723f6 |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_Next, address_out = 0x6fd7245e |
|
1 | |
| Get Address | Unknown module name | function = QualifierSet_EndEnumeration, address_out = 0x6fd7241c |
|
1 | |
| Get Address | Unknown module name | function = GetCurrentApartmentType, address_out = 0x6fd72215 |
|
1 | |
| Get Address | Unknown module name | function = GetDemultiplexedStub, address_out = 0x6fd720f3 |
|
1 | |
| Get Address | Unknown module name | function = CreateInstanceEnumWmi, address_out = 0x6fd71ebb |
|
1 | |
| Get Address | Unknown module name | function = CreateClassEnumWmi, address_out = 0x6fd71e45 |
|
1 | |
| Get Address | Unknown module name | function = ExecQueryWmi, address_out = 0x6fd7205b |
|
1 | |
| Get Address | Unknown module name | function = ExecNotificationQueryWmi, address_out = 0x6fd71fe2 |
|
1 | |
| Get Address | Unknown module name | function = PutInstanceWmi, address_out = 0x6fd7235a |
|
1 | |
| Get Address | Unknown module name | function = PutClassWmi, address_out = 0x6fd722da |
|
1 | |
| Get Address | Unknown module name | function = CloneEnumWbemClassObject, address_out = 0x6fd71d20 |
|
1 | |
| Get Address | Unknown module name | function = ConnectServerWmi, address_out = 0x6fd71da3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentPackageId, address_out = 0x76be3c90 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (28)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.4.0.0.0.141b42a.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Create | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Decrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Encrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 1998113440 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 90834470 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 1998113440 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 90834590 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 1998113440 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 90834670 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551608, new_long = 262168 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551608, new_long = 262168 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551600, new_long = 50397184 |
|
1 | |
| Set Attribute | Form1 | class_name = WindowsForms10.Window.8.app.0.141b42a_r12_ad1, index = 18446744073709551596, new_long = 589824 |
|
1 | |
| Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 1946280640 |
|
1 | |
| Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 90834790 |
|
1 | |
| Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551604, new_long = 393306 |
|
1 | |
| Set Attribute | Encrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 1946280640 |
|
1 | |
| Set Attribute | Encrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 90834830 |
|
1 | |
| Set Attribute | Encrypt | class_name = WindowsForms10.BUTTON.app.0.141b42a_r12_ad1, index = 18446744073709551604, new_long = 327736 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 1998113440 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 90834982 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 1998113440 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r12_ad1, index = 18446744073709551612, new_long = 90835022 |
|
1 |
Keyboard (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
2 |
System (860)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Certificate Store | encoding_type = 65537, flags = 8708 |
|
1 | |
| Open Certificate Store | encoding_type = 65537, flags = 8708 |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Sleep | duration = 100000 milliseconds (100.000 seconds) |
|
1 | |
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 850 milliseconds (0.850 seconds) |
|
1 | |
| Sleep | duration = 2000 milliseconds (2.000 seconds) |
|
1 | |
| Sleep | duration = 89906 milliseconds (89.906 seconds) |
|
1 | |
| Sleep | duration = 0 milliseconds (0.000 seconds) |
|
700 | |
| Sleep | duration = 79828 milliseconds (79.828 seconds) |
|
1 | |
| Sleep | duration = 1 milliseconds (0.001 seconds) |
|
6 | |
| Sleep | duration = 5 milliseconds (0.005 seconds) |
|
63 | |
| Sleep | duration = 69828 milliseconds (69.828 seconds) |
|
1 | |
| Sleep | duration = 59766 milliseconds (59.766 seconds) |
|
1 | |
| Sleep | duration = 49750 milliseconds (49.750 seconds) |
|
1 | |
| Sleep | duration = 39437 milliseconds (39.437 seconds) |
|
1 | |
| Sleep | duration = 29359 milliseconds (29.359 seconds) |
|
1 | |
| Sleep | duration = 19359 milliseconds (19.359 seconds) |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
76 |
Mutex (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | - |
|
1 | |
| Release | - |
|
1 |
Environment (17)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = tmp, result_out = C:\Users\CIIHMN~1\AppData\Local\Temp |
|
2 | |
| Get Environment String | name = localappdata, result_out = C:\Users\CIiHmnxMn6Ps\AppData\Local |
|
2 | |
| Get Environment String | name = PinnableBufferCache_System.Net.SslStream_Disabled |
|
2 | |
| Get Environment String | name = PinnableBufferCache_System.Net.SslStream_MinCount |
|
2 | |
| Get Environment String | name = ProgramFiles, result_out = C:\Program Files (x86) |
|
1 | |
| Get Environment String | name = PROGRAMFILES(x86), result_out = C:\Program Files (x86) |
|
1 | |
| Get Environment String | name = SystemRoot, result_out = C:\Windows |
|
1 | |
| Get Environment String | name = appdata, result_out = C:\Users\CIiHmnxMn6Ps\AppData\Roaming |
|
1 | |
| Get Environment String | name = systemroot, result_out = C:\Windows |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Net.HttpWebRequest_Disabled |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Net.HttpWebRequest_MinCount |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Net.Connection_Disabled |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Net.Connection_MinCount |
|
1 |
Network Behavior
DNS (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = mail.gmx.net, address_out = 212.227.17.190, 212.227.17.168 |
|
1 | |
| Resolve Name | host = finndev.net, address_out = 91.134.128.42 |
|
1 |
TCP Sessions (2)
| Information | Value |
|---|---|
| Total Data Sent | 99.14 KB |
| Total Data Received | 216.19 KB |
| Contacted Host Count | 2 |
| Contacted Hosts | 212.227.17.190:587, 91.134.128.42:443 |
TCP Session #1
| Information | Value |
|---|---|
| Handle | 0x56c |
| Address Family | AF_INET |
| Type | SOCK_STREAM |
| Protocol | IPPROTO_TCP |
| Remote Address | 212.227.17.190 |
| Remote Port | 587 |
| Local Address | 0.0.0.0 |
| Local Port | 49423 |
| Data Sent | 98.74 KB |
| Data Received | 5.84 KB |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Connect | remote_address = 212.227.17.190, remote_port = 587 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 256, size_out = 52 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 14, size_out = 14 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 256, size_out = 113 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 10, size_out = 10 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 256, size_out = 8 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 176, size_out = 176 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 87, size_out = 87 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4796, size_out = 4796 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 333, size_out = 333 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4, size_out = 4 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 126, size_out = 126 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 40, size_out = 40 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 43, size_out = 43 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 123, size_out = 123 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 62, size_out = 62 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 42, size_out = 42 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 55, size_out = 55 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 54, size_out = 54 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 56, size_out = 56 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 67, size_out = 67 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 54, size_out = 54 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 35, size_out = 35 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 70, size_out = 70 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 258, size_out = 258 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 175, size_out = 175 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 149, size_out = 149 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 211, size_out = 211 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 16384, size_out = 16384 |
|
6 | |
| Send | flags = NO_FLAG_SET, size = 1233, size_out = 1233 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 86, size_out = 86 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 31, size_out = 31 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 34, size_out = 34 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 96, size_out = 96 |
|
1 |
TCP Session #2
| Information | Value |
|---|---|
| Handle | 0x420 |
| Address Family | AF_INET |
| Type | SOCK_STREAM |
| Protocol | IPPROTO_TCP |
| Remote Address | 91.134.128.42 |
| Remote Port | 443 |
| Local Address | 0.0.0.0 |
| Local Port | 49424 |
| Data Sent | 409 bytes |
| Data Received | 210.34 KB |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Connect | remote_address = 91.134.128.42, remote_port = 443 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 175, size_out = 175 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 93, size_out = 93 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2806, size_out = 2806 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 589, size_out = 589 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4, size_out = 4 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 126, size_out = 126 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 40, size_out = 40 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 108, size_out = 108 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 407, size_out = 407 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 4368 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 4368 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 8712, size_out = 8712 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 4368 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 4368 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 8712, size_out = 7292 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1420, size_out = 1420 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1427 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 45, size_out = 45 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 1455 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1465, size_out = 1465 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 4368 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1406 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 66, size_out = 66 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 4368 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1124 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 348, size_out = 348 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1022 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 450, size_out = 450 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 903 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 569, size_out = 569 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 886 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 586, size_out = 586 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 3699 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 669, size_out = 669 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2920, size_out = 2920 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 662 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 810, size_out = 810 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 424 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1048, size_out = 1048 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4368, size_out = 1765 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2603, size_out = 2603 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1152, size_out = 1152 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1472, size_out = 1472 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 |
Process #15: wmic.exe
17
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\syswow64\wbem\wmic.exe |
| Command Line | "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete |
| Initial Working Directory | C:\Windows\SysWOW64\ |
| Monitor | Start Time: 00:03:24, Reason: Child Process |
| Unmonitor | End Time: 00:03:34, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbc4 |
| Parent PID | 0x844 (c:\users\ciihmnxmn6ps\desktop\t1.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B3C
0x
7E8
0x
824
0x
5FC
0x
AF4
0x
614
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| wmic.exe | 0x00d10000 | 0x00d73fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000eb0000 | 0x00eb0000 | 0x04eaffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000004eb0000 | 0x04eb0000 | 0x04ecffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004eb0000 | 0x04eb0000 | 0x04ebffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000004ec0000 | 0x04ec0000 | 0x04ec3fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004ed0000 | 0x04ed0000 | 0x04ed1fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004ed0000 | 0x04ed0000 | 0x04ed0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004ee0000 | 0x04ee0000 | 0x04ef3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004f00000 | 0x04f00000 | 0x04f3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004f40000 | 0x04f40000 | 0x04f7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004f80000 | 0x04f80000 | 0x04f83fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004f90000 | 0x04f90000 | 0x04f90fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004fa0000 | 0x04fa0000 | 0x04fa1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004fb0000 | 0x04fb0000 | 0x04feffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004ff0000 | 0x04ff0000 | 0x0502ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005030000 | 0x05030000 | 0x0512ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005130000 | 0x05130000 | 0x05130fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000005140000 | 0x05140000 | 0x05143fff | Private Memory | rw |
|
|
|
- |
| msxml3r.dll | 0x05150000 | 0x05150fff | Memory Mapped File | r |
|
|
|
- |
| wmic.exe.mui | 0x05160000 | 0x0516ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005170000 | 0x05170000 | 0x0517ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x05180000 | 0x0523dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005240000 | 0x05240000 | 0x052bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005240000 | 0x05240000 | 0x0525ffff | Private Memory | - |
|
|
|
- |
| imm32.dll | 0x05260000 | 0x05289fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005260000 | 0x05260000 | 0x05260fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005270000 | 0x05270000 | 0x05270fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005280000 | 0x05280000 | 0x05280fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005280000 | 0x05280000 | 0x05283fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005290000 | 0x05290000 | 0x0529cfff | Pagefile Backed Memory | rw |
|
|
|
- |
| wmiutils.dll.mui | 0x05290000 | 0x05294fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000052b0000 | 0x052b0000 | 0x052bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000052d0000 | 0x052d0000 | 0x052dffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x052e0000 | 0x05616fff | Memory Mapped File | r |
|
|
|
- |
| ole32.dll | 0x05620000 | 0x05708fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005620000 | 0x05620000 | 0x057cffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005620000 | 0x05620000 | 0x0573ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x05620000 | 0x056fefff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005730000 | 0x05730000 | 0x0573ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005740000 | 0x05740000 | 0x0577ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005780000 | 0x05780000 | 0x057bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000057c0000 | 0x057c0000 | 0x057cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000057d0000 | 0x057d0000 | 0x0598ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000057d0000 | 0x057d0000 | 0x0597ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000057d0000 | 0x057d0000 | 0x058effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000057d0000 | 0x057d0000 | 0x05887fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000005890000 | 0x05890000 | 0x058cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000058e0000 | 0x058e0000 | 0x058effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000058f0000 | 0x058f0000 | 0x0592ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005930000 | 0x05930000 | 0x0596ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005970000 | 0x05970000 | 0x0597ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005980000 | 0x05980000 | 0x0598ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005990000 | 0x05990000 | 0x05b7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005990000 | 0x05990000 | 0x05b17fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000005b20000 | 0x05b20000 | 0x05b5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005b70000 | 0x05b70000 | 0x05b7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005b80000 | 0x05b80000 | 0x05f7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005f80000 | 0x05f80000 | 0x06100fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000006110000 | 0x06110000 | 0x0750ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000007510000 | 0x07510000 | 0x0764ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007510000 | 0x07510000 | 0x0754ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007550000 | 0x07550000 | 0x0758ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007640000 | 0x07640000 | 0x0764ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007650000 | 0x07650000 | 0x0774ffff | Private Memory | rw |
|
|
|
- |
| wow64win.dll | 0x61770000 | 0x617e2fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x617f0000 | 0x6183efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x61840000 | 0x61847fff | Memory Mapped File | rwx |
|
|
|
- |
| ucrtbase.dll | 0x6f210000 | 0x6f2ebfff | Memory Mapped File | rwx |
|
|
|
- |
| vcruntime140.dll | 0x6f2f0000 | 0x6f304fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x6f310000 | 0x6f533fff | Memory Mapped File | rwx |
|
|
|
- |
| msxml3.dll | 0x6f540000 | 0x6f6cffff | Memory Mapped File | rwx |
|
|
|
- |
| framedynos.dll | 0x6f6f0000 | 0x6f72efff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x6f800000 | 0x6fac0fff | Memory Mapped File | rwx |
|
|
|
- |
| fastprox.dll | 0x6fc90000 | 0x6fd4bfff | Memory Mapped File | rwx |
|
|
|
- |
| wbemsvc.dll | 0x6fd50000 | 0x6fd60fff | Memory Mapped File | rwx |
|
|
|
- |
| wbemprox.dll | 0x6fd80000 | 0x6fd8cfff | Memory Mapped File | rwx |
|
|
|
- |
| wbemcomn.dll | 0x6fd90000 | 0x6fdf5fff | Memory Mapped File | rwx |
|
|
|
- |
| wmiutils.dll | 0x6fe00000 | 0x6fe1dfff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x6fef0000 | 0x6fef7fff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x6ff00000 | 0x6ff2ffff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x71340000 | 0x7135cfff | Memory Mapped File | rwx |
|
|
|
- |
| msoxmlmf.dll | 0x73900000 | 0x7390dfff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x739f0000 | 0x73b4ffff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x73d60000 | 0x73d8efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x73d90000 | 0x73daafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x73db0000 | 0x73dc2fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x73f20000 | 0x73f94fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x741b0000 | 0x74208fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74210000 | 0x74219fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74220000 | 0x7423dfff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x74240000 | 0x7429bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x742a0000 | 0x74459fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x74460000 | 0x74549fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x745f0000 | 0x745f6fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x74600000 | 0x7468cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75ca0000 | 0x75ccafff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761f2fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x76390000 | 0x764dcfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76510000 | 0x7658afff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x766b0000 | 0x7675bfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x767c0000 | 0x768dffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x768e0000 | 0x7699dfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x769a0000 | 0x769e3fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x769f0000 | 0x76b2ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76b30000 | 0x76ca5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x76cb0000 | 0x76cbbfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76cc0000 | 0x76d51fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76d60000 | 0x76de1fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x76df0000 | 0x76edffff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77110000 | 0x77288fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007f557000 | 0x7f557000 | 0x7f559fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f55a000 | 0x7f55a000 | 0x7f55cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f55d000 | 0x7f55d000 | 0x7f55ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007f560000 | 0x7f560000 | 0x7f65ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f660000 | 0x7f660000 | 0x7f682fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f683000 | 0x7f683000 | 0x7f683fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f684000 | 0x7f684000 | 0x7f686fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f687000 | 0x7f687000 | 0x7f689fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f68a000 | 0x7f68a000 | 0x7f68cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f68d000 | 0x7f68d000 | 0x7f68dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8f68affff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8f68b0000 | 0x7df8f68b0000 | 0x7ff8f68affff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8f68b0000 | 0x7ff8f6a71fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8f6a72000 | 0x7ff8f6a72000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
COM (7)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | F6D90F12-9C73-11D3-B32E-00C04F990BB4 | 2933BF95-7B36-11D2-B20E-00C04F983E60 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | EB87E1BD-3233-11D2-AEC9-00C04FB68820 | EB87E1BC-3233-11D2-AEC9-00C04FB68820 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli\ms_409 |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\LHNIWSJ\ROOT\CIMV2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy |
|
1 |
Registry (5)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory, data = 37 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Log File Max Size, data = 54 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\wbem\wmic.exe | base_address = 0xd10000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = LHNIWSJ |
|
1 | |
| Get Time | type = Local Time, time = 2019-01-24 16:59:47 (Local Time) |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 |
Process #16: cmd.exe
57
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\SysWOW64\cmd.exe" /c takeown /f C:\Windows\"." |
| Initial Working Directory | C:\Windows\SysWOW64\ |
| Monitor | Start Time: 00:03:24, Reason: Child Process |
| Unmonitor | End Time: 00:03:28, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbdc |
| Parent PID | 0x844 (c:\users\ciihmnxmn6ps\desktop\t1.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
894
0x
8A4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000720000 | 0x00720000 | 0x0073ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000720000 | 0x00720000 | 0x0072ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000730000 | 0x00730000 | 0x00733fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000740000 | 0x00740000 | 0x00741fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000740000 | 0x00740000 | 0x00743fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000750000 | 0x00750000 | 0x00763fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000770000 | 0x00770000 | 0x007affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000007b0000 | 0x007b0000 | 0x008affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000008b0000 | 0x008b0000 | 0x008b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000008e0000 | 0x008e0000 | 0x0091ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000930000 | 0x00930000 | 0x0093ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00940000 | 0x009fdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00b9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00c9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e3ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x00e40000 | 0x01176fff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x01180000 | 0x011cffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x00000000011d0000 | 0x011d0000 | 0x051cffff | Pagefile Backed Memory | - |
|
|
|
- |
| wow64win.dll | 0x61770000 | 0x617e2fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x617f0000 | 0x6183efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x61840000 | 0x61847fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x768e0000 | 0x7699dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76b30000 | 0x76ca5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x76df0000 | 0x76edffff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77110000 | 0x77288fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f380000 | 0x7f380000 | 0x7f47ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f480000 | 0x7f480000 | 0x7f4a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f4a4000 | 0x7f4a4000 | 0x7f4a4fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f4a9000 | 0x7f4a9000 | 0x7f4abfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f4ac000 | 0x7f4ac000 | 0x7f4aefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f4af000 | 0x7f4af000 | 0x7f4affff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8f68affff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8f68b0000 | 0x7df8f68b0000 | 0x7ff8f68affff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8f68b0000 | 0x7ff8f6a71fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8f6a72000 | 0x7ff8f6a72000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\SysWOW64 | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 210, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SysWOW64\takeown.exe | os_pid = 0x8d8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x1180000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76df0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76e32780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76e0fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76e0a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c435c0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\SysWOW64 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #19: takeown.exe
0
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\syswow64\takeown.exe |
| Command Line | takeown /f C:\Windows\"." |
| Initial Working Directory | C:\Windows\SysWOW64\ |
| Monitor | Start Time: 00:03:27, Reason: Child Process |
| Unmonitor | End Time: 00:03:27, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8d8 |
| Parent PID | 0xbdc (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B2C
0x
B28
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000003c0000 | 0x003c0000 | 0x003dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003c0000 | 0x003c0000 | 0x003cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d3fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e1fff | Private Memory | rw |
|
|
|
- |
| takeown.exe.mui | 0x003e0000 | 0x003e4fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x00403fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000410000 | 0x00410000 | 0x0044ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0048ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000490000 | 0x00490000 | 0x00493fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x004c0000 | 0x0057dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000580000 | 0x00580000 | 0x005bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005c0000 | 0x005c0000 | 0x005cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x0060ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000640000 | 0x00640000 | 0x0073ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000820000 | 0x00820000 | 0x0082ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000830000 | 0x00830000 | 0x009b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009c0000 | 0x009c0000 | 0x00b40fff | Pagefile Backed Memory | r |
|
|
|
- |
| takeown.exe | 0x01320000 | 0x0132ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001330000 | 0x01330000 | 0x0532ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x0000000005330000 | 0x05330000 | 0x0672ffff | Pagefile Backed Memory | r |
|
|
|
- |
| wow64win.dll | 0x61770000 | 0x617e2fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x617f0000 | 0x6183efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x61840000 | 0x61847fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x73810000 | 0x73817fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x741b0000 | 0x74208fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74210000 | 0x74219fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74220000 | 0x7423dfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x742a0000 | 0x74459fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75ca0000 | 0x75ccafff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761f2fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x76390000 | 0x764dcfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x766b0000 | 0x7675bfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x767c0000 | 0x768dffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x768e0000 | 0x7699dfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x769a0000 | 0x769e3fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x769f0000 | 0x76b2ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76b30000 | 0x76ca5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x76df0000 | 0x76edffff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77110000 | 0x77288fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007ef30000 | 0x7ef30000 | 0x7f02ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f030000 | 0x7f030000 | 0x7f052fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f058000 | 0x7f058000 | 0x7f05afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f05b000 | 0x7f05b000 | 0x7f05bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f05c000 | 0x7f05c000 | 0x7f05efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f05f000 | 0x7f05f000 | 0x7f05ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8f68affff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8f68b0000 | 0x7df8f68b0000 | 0x7ff8f68affff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8f68b0000 | 0x7ff8f6a71fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8f6a72000 | 0x7ff8f6a72000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
