Flash_Player.exe
Windows Exe (x86-32)
Created at 2019-03-17T20:36:00
Remarks
(0x200000c): The maximum memory dump size was exceeded. Some dumps may be missing in the report.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: flash_player.exe
81277
14
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\flash_player.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\Flash_Player.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:24, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:48, Reason: Self Terminated |
| Monitor Duration | 00:03:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8f4 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E0C
0x
F74
0x
D18
0x
58
0x
2AC
0x
DC0
0x
68C
0x
F88
0x
544
0x
1A4
0x
4F0
0x
108C
0x
1090
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| flash_player.exe | 0x00400000 | 0x00862FFF | Marked Writable | - | 32-bit | - |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0044A300, 0x0044CA50 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0044BA80 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00432EF0, 0x0040EAF0, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0043ABE0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004247E0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00438A50 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00425900, 0x0043BEE0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00429780 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00426080, 0x0040CEA0, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004121D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0041DE20, 0x0040D000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0041E000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00422240, 0x0040F000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004112E0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00447FA0, 0x00413330 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0041BB00, 0x00448B10, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00417B50, 0x0041F020 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00420040 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00410080 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00414EB0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00434210 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0040B540, 0x004462E1, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0043C9F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004045C0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004304A5, 0x0042FBD0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00449E00, 0x0042EFB0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0042A4C0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0043E000, 0x00444C70 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0042B000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0042CB30, 0x0042D8F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00428690 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004056D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00421F60 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004313AE |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004437EB, 0x00442130 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00403A30 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00628C20 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004A6B50 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0045C0B4, 0x0045BFE0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004503C0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0045FB60 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0045EC80 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00437F70 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00482DB0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004675E0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00460000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00409590 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00461BA0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0045DA00, 0x004642F0, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00408870 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0043F000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00465360 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004076B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0040A760 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00468000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00469000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0047D760 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00477960 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0046C510 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004790B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004664C0, 0x0047AAE0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00463030 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00440040 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0047FC60 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0047B2D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0047E3B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00481460 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00497CD0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004896C0, 0x004841B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00487000, 0x00486000, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00488000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0048E440 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x006004B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004AC43F, 0x004A81D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004A7470 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004A9000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004AA000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004AB000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004AD000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004B0BF0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005A91D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005542D1, 0x005537B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004B55E0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004B3BE0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004B6C20 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004B7250 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004B82A0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004B9AE0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005295F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004C7560 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004BE4B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004BC600 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004BFF60 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004C57D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004E11A0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004DB270 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004C8570 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004D0EB0, 0x004C9610 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004DC280 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004CD2D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004EBF70 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004EC000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004FA700 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004F75A0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004F97E0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004FCF30 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004FD000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005130F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004FE960 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004FF980 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00505DE0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0050F550 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004757C0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0051A3A0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0051B310 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0048C7F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0052C9F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0052A690 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0052BAF0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005338F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00535490 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00534910 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00406570 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00555E00 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00558530 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0055C5A0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0055A540 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004C05F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00568F40 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00566150 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00562450 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00561CC0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00569000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0056CEA0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0056BE10 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0056D230 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00578AF0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0056E3C0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00574850 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00573F40 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005793D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0057A170 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0057C550 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005AA000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0046B3B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005AC52F |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005AB000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0055BED0, 0x00595640, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00459310, 0x004C30A0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005C0BA0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005C2150 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005C8095, 0x005C7E90 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005C35E0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005FDE60 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005CFF40 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005C95D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005D6CA0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005D0290 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005D49B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005E2B20 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005E3370 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005EA9F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005E70A4, 0x005E6F80 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005E9000, 0x005E8FF0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005FAF00 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005FE1F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005FF830 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00626CC0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0060BE40 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00607240 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x006259A0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x006230F0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0060E440 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0060C810 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00620D50 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00610A30 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0060FFA0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00611570 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x006121B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x006247D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00627C60 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00480EE0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0049F800 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0051901D, 0x00516FB0, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0057EA50, 0x0057DAC0, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0059CC30 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005ADC90 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0059DA80, 0x00582280 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00427160, 0x005A70B0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00581290, 0x0058A920, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00596BC0, 0x005A59F0, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005A27A0, 0x005A029D, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00435346, 0x00436014 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00501790, 0x005A8B80 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00474660, 0x00502179 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00472F10, 0x00473410 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0050DE90, 0x00507440, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0050AE00 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00512590 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00514820, 0x00511C90 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0050C066 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005061D0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00478FB0, 0x00510360, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00504530 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00423A90 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0047CE70 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00536E60, 0x005A1C0B |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00537320 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004F8B10 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0053D2E0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00542800, 0x0053E0C0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00539940, 0x0053BF30, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00538EC0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0053C000 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004AEA50, 0x0053A95C |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x005449C0, 0x005510DC, ... |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00526160, 0x00546170 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00495990, 0x004E69E0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004C2FD0, 0x00492D00 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004E3BD0, 0x004E700B |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0048B810, 0x00494EC0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004E400C, 0x004E5FEF |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x0048AF90, 0x0048D5E0 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x00453AC0, 0x0048F170 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004CE1B0, 0x00454030 |
|
|
| flash_player.exe | 0x00400000 | 0x00862FFF | Content Changed | - | 32-bit | 0x004E22B0, 0x004D6DF0 |
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\/$GetCurrent/Logs/oobe_2017_09_07_03_08_57_737.log | 6.29 KB |
MD5:
84ec812800318e7671056a81aa1f35ed
SHA1: ec475bde3928208722db25c1321ced59c2298bc3 SHA256: c79e78932b0bbd481f3563112696cd603b09531a30410a217cf5fe1e4f8e0b82 SSDeep: 96:Z58oSKE1/Bagg9ZXkHKgjg7RAbbf61TwmfrPSF70l6LCAMmH:Z5rE1JabZ0tjlv618mbSOQLCFc |
|
|
| C:\/588bce7c90097ed212/1025/eula.rtf | 7.78 KB |
MD5:
924ec43e2757056f735061f5e4a2d481
SHA1: 69e2b38506c6b457350ea255180de57155fe6f04 SHA256: 77bd93cc13f28189d12c690490417fde49679d729328a157d1e9b4db8a7c414c SSDeep: 192:vB26lRZGD+zlUR0WL0o/U1e/F2DCeKYLZdua6G:vVDZGDAno/yRCWFk7G |
|
|
| C:\/588bce7c90097ed212/1029/eula.rtf | 4.03 KB |
MD5:
8efe489ed9841e0170fa8d87b1a6a002
SHA1: 6db57ab735ff0d5181b43abfba9c5b03a7de57ac SHA256: dfbd4f90720bc960bb65f647dc148601feec787323d0876a89543befcedeab89 SSDeep: 96:3TIdVFAk3bdA+Hrjvseqo5TBl64gB27YHxiux19Ktbngewp/3eJaSzGV:3TIfdA+Men5dNgB277yQgFV3MaD |
|
|
| C:\/588bce7c90097ed212/1038/eula.rtf | 4.55 KB |
MD5:
27c5e903fe2d8ce81a078aba9d6b11ad
SHA1: 59e7f64cd32325a1841957928398621283677d3d SHA256: e8bb864c242c6b7590fb20bea53788b98ea70ba24cddf38d467f623da9128709 SSDeep: 96:CFGTrTrLqs/e8TVhAiO1dBSIlIGLvXAYGxuozCTOJzFUj4XT+qp:CFaTr2s/NhA/1doIWAXzGxuozd3Uj4XB |
|
|
| C:\/588bce7c90097ed212/3076/eula.rtf | 6.55 KB |
MD5:
0862b6491f86e7fb16bdcff6448f52f6
SHA1: fe3f4b6cb6195b812c879c081a363aeb4e02a676 SHA256: c7add0d7a78a0e8c530be2f61f0cae20f8b924557a3e5e40cb4b419e4ae8c8f5 SSDeep: 192:f0bEJNSDg41JfnM4phMQDD5zrAmefTzyUN/:cLD/fnMAxDD1rfACu |
|
|
| C:\/Boot/BOOTSTAT.DAT | 64.40 KB |
MD5:
c190c69fbd53cec62b7007fb6ba0160b
SHA1: 2beeed1903aed776faafad3eb1e2c1d24f75444b SHA256: 16838b6b192e11ae543caa1996a56bb1e98ff576f7519f3058f4dccc13d37444 SSDeep: 1536:4WVzQTlvEwoyRg0WQ4LetidsovNJr2aWE22DhEJqJnN4A94nRUq9a0:A5vL+0WdSi1eTeeIPq9f |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/en-us.16/stream.x64.en-us.man.dat | 862.35 KB |
MD5:
a7d8661173c938a3449ef43d6017b20d
SHA1: bd8f7be8e24a0937645748b9c68a852c4dc2e2f0 SHA256: 52697da012d507f433f9b9bb4e41347567921554031bea6e3f93a691e03ffa70 SSDeep: 24576:WHfPh3pgDDvVAH5X5gGVVGMRRskofkNUBHtx34JvXT5:WHYvC5XnTszjHXoV1 |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/x-none.16/stream.x64.x-none.man.dat | 3.52 MB |
MD5:
f1a5c5608066eced2ceac988f874734a
SHA1: dbf44d1f150e3102d32a94432ed5bcb425b21aa5 SHA256: 886702680ff25be4328a7ad397b903ef835a3e560bdd70f67b9100365eebc119 SSDeep: 49152:wF2ZscqQL7zzyBXIozDvnqdXP+DFaP9ItySltEp8cOAGZCDZuCvMVw4Y+NMXx+33:e2ddyWo/v0GDkPo5cOWZuiFW |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/en-us.16/stream.x86.en-us.man.dat | 1.03 MB |
MD5:
1457958305451ee8e61a860e8a1ae7aa
SHA1: 8dc6a6616c3484b10c635fdf8e1e5772f2089a7d SHA256: c0c4c9bb0eb5b030144846052ccb9508c90ee3a9a0d18f4783c3c9ba8621bb0e SSDeep: 24576:p5xIuQYn5QjM8ejLQ/b7zvgwhdEVZErDwDfYUG3IYgU:CuQGSgC/bAwHHDwjYUGY5U |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/en-us.16/stream.x86.en-us.man.dat | 1.03 MB |
MD5:
374af09e5828a1da8c63f0cd0ef35e51
SHA1: 71ed70ad5066ef25c5970351b280722ccbb2cdba SHA256: 60fc8014f9d9cc8eb40e4394735891d8d47d28f9a51e503f4d646e62e5960761 SSDeep: 24576:8eaZKzGHVsyOLlpchx8wggVav+8xlQffCmupLG57rmNXyHx:85FV5OI8wgYav+5VuR0GNiHx |
|
|
| C:\ProgramData\session.json | 3.14 KB |
MD5:
ed1f917a869807a378eb11462868ba2f
SHA1: 1db57a1826dca5ffaf5e7902d8164a3877b9fd87 SHA256: 9828a4456b42f6f159d9361f5a7c6404c0bbd450db9299847454bcb5734933ea SSDeep: 96:B+xBgxEsf99ZgsYf4SOK7dlpnxvFucn0ax:B+Aisl9ZgsU4SF7dlpn3z0y |
|
|
| C:\/$GetCurrent/Logs/PartnerSetupCompleteResult.log | 0.46 KB |
MD5:
a94dec3ae8cd01093936f7551ffa69b8
SHA1: eaab2376153cc1f783bc536712894b8d42f280b5 SHA256: 37305d06a5cab5341ae91a5191a3cb4a148117e1f5359115eab0cdd65aab06e2 SSDeep: 12:4xV2nXJaJa+PRiTp3jbg4Zy/hYeFXXLHyFXLnmg+xlVH:4D2nXJaJaDp3jbzZiY+XXLHeXz4D |
|
|
| C:\/$GetCurrent/Logs/downlevel_2017_09_07_02_02_39_766.log | 42.11 KB |
MD5:
296823f90a2034fa4babd29420fda2dd
SHA1: 5a6f936e519ba40c72e4b9b78363ed4109af6d0b SHA256: a47215546545d5089283725c3689906b1b386a4e43717754bbd5a81df24b4672 SSDeep: 768:d1IadYT1jekJvtRfukr+kLlJfPH/Bl8kNwhEe/ceAW/C:d1tA/RfDfDJl8kNwqaGUC |
|
|
| C:\/588bce7c90097ed212/DHtmlHeader.html | 16.14 KB |
MD5:
455d25bb24b8fea018e03eaff441f940
SHA1: 87ce4c40872243051f0abfde910edfdaa23e217a SHA256: d82afd95430edd316f18ebac6de959e83940f3294c47d8dd61e60370cf69b4dd SSDeep: 384:rERDzcP1HBiGR3AUyVvLnfzN90f+xega0/9iVWYry5cSaDB:rERDzcP1HBATVv7zNmGxNv/9iZytaDB |
|
|
| C:\/588bce7c90097ed212/1028/eula.rtf | 6.55 KB |
MD5:
91d870c1a4c285bbda8c66582aa8d927
SHA1: d301c62714a25a7b4a515ea5235e40c9e58106e1 SHA256: f431f540280dc73ff31ac11b76f1d5ac3fdf99a6d7601eaed331d9e406cc06d9 SSDeep: 96:BLmB9v5B412PMFDpItcdZ88CKuCFWNwQqcGnEj93Vpzquiv24GVX2N0UxV/tB2To:BaB9418YDp8c4JfWWJFcszNjUxh2TY1p |
|
|
| C:\/588bce7c90097ed212/1030/eula.rtf | 3.63 KB |
MD5:
5cd786f065f8b130db378eceaa58d74f
SHA1: b8e290b78334a0c069344ded837acf2a9713d315 SHA256: 01cb736cb09a4be11962207e4771b5ab6e9355e92718f6a80afbb8f71440214e SSDeep: 96:FTr3uwbuc/4Zn65dzNxSezce6XIQKXHKvf4K:FWwbxan6LJx9oJahK |
|
|
| C:\/588bce7c90097ed212/1031/eula.rtf | 3.73 KB |
MD5:
dda3f14d787e96f76cdeffe334f91517
SHA1: 3b014f10014325b1fc114a5bcb3ada4a386917e1 SHA256: 101ad17d6ecd396791b518a5bf9fb338b39832ddaca35620357b88f24dedb2fe SSDeep: 96:0lOdqjiTSjY7ZCniimu6I4GP76dUIKWEUxI:3d2ij7Yiimu6mP76dUIKWnI |
|
|
| C:\/588bce7c90097ed212/1032/eula.rtf | 9.06 KB |
MD5:
80e4b2b164987165d576cf7290d29585
SHA1: 1eaa9d602d190eec900c01f2e2d68f893cc1e499 SHA256: 6d04f9860d2654bc63ca42dc210e3bdd64f9928066d222fcb263794a57e390b7 SSDeep: 192:pDUb/95SWlEVXpU6QN42Zh5UVY9tj8u6y5LJEyu1Y:pwbVwWeVXpU6I42QStAk9JW1Y |
|
|
| C:\/588bce7c90097ed212/1033/eula.rtf | 3.51 KB |
MD5:
74f38ad8ea3079534367e176173d95c4
SHA1: f109788470dbadeaeb617aac189d6ce2e54da574 SHA256: 07faf92e4e12aa4e584954dd53b73764058799d56fe1c34c85f19b634ba84776 SSDeep: 96:wdSjHXEIgjKu8JS5PDpFbsMF9hpaGpG4PRPYHghk:7jHZVu+GFlvJppJ2gG |
|
|
| C:\/588bce7c90097ed212/1035/eula.rtf | 4.01 KB |
MD5:
64cb7e5a264b7d596d6fce3454eb27ef
SHA1: 057ca022dfbc489f2804904b52b5e0fc2bc0acb2 SHA256: 02db4a7a5f523fead89f52223e6e94a7a52a7d841dff6036e55d460011f923e3 SSDeep: 96:FeHDhYrJCnXcif/HXFGTx607Afj1iE3bvTzl9JTCZ:ourJCnXcg/3cbcb1iExn8 |
|
|
| C:\/588bce7c90097ed212/1036/eula.rtf | 3.84 KB |
MD5:
178c12449a0052f0c36264882e4d08c3
SHA1: dc6a732ceef09cfcd40ea2ebeb82e760541733db SHA256: 7df32937312e99976de7c1f43f275bce814f9337c98eb89f5410615af3d6785c SSDeep: 96:asrmMbXB/OT3o8tCbticovcYEfFvQLOYNnQ:aImMbR/OT3bUkcovcVILOL |
|
|
| C:\/588bce7c90097ed212/1037/eula.rtf | 7.08 KB |
MD5:
fda26aac2c8f7c7857264c8f8b0a094b
SHA1: bc90b8b1ca1db35808e25b39fb1d9b45f4140035 SHA256: d43e73951ab96460aec75e846e7d3b20e3498fc31c1edefa94173563970d0137 SSDeep: 192:KV3Q7VrJBJheJKAukFi3ONPA2/xpnVDq+BOxg:mmrrCJKu00lxpV++f |
|
|
| C:\/588bce7c90097ed212/1040/eula.rtf | 3.95 KB |
MD5:
aa279c0426bb28d66425b709692944df
SHA1: d8b21d2c81464d4415325035b57639bc9e0da960 SHA256: 1f1216f4a7483f8af78a30e64bd712558ddc281cb9db73334c69b1443eff0c27 SSDeep: 96:jI8ItMDaJf2o7r4gZ6Mh8G1EIHZaZjriz1ZS2y0q:qt6QfJQMhxvHZ4+xZS2hq |
|
|
| C:\/588bce7c90097ed212/1041/eula.rtf | 10.28 KB |
MD5:
19de8aff6dacc6873c6bd4eeca00ba91
SHA1: 3529194ce403f75d776ef7a2dc40153a88451a4d SHA256: 62d84fb0536fad075182d9bb1ef8e9ef076605b785285db71060eb5e818bedd1 SSDeep: 192:pP36MKgrHJ/psPb6RtWE/jGrebgqQC8OayecofBsVo:pv6MKgrphx3/zgqQC4L/ |
|
|
| C:\/588bce7c90097ed212/1042/eula.rtf | 12.78 KB |
MD5:
f42e85c000e606cc6e00a010a26f2a50
SHA1: 0fd3e574d7ff5de017dbc0a417e54483eddcb2da SHA256: 5ff8f8c9ea5c037a3bfa56ca473cdeef053320ed7d237b7768b977844c7dbc59 SSDeep: 384:8nFXYitH62lbpQJOivT8xBbGSc4fDUTGjc/C2rgzv9JK:CFd65giwWI/K |
|
|
| C:\/588bce7c90097ed212/1043/eula.rtf | 3.86 KB |
MD5:
d97211c4f4be375db70609c7bc5407f5
SHA1: b9621ac5827840e6d036bfc41d3454de603a279c SHA256: 22c5dc94c2ca24ce437a45b93c755915c3156d0cbbc1ac67bfd992d9ea93538c SSDeep: 96:ghDjyUy/mqv5uGIocXSAgTe5Bt4kHiqQdKtO:UPy/mqv5uQD7GgKg |
|
|
| C:\/588bce7c90097ed212/1044/eula.rtf | 3.37 KB |
MD5:
0cf576ee7e6f2430dcc73d6de22d4a39
SHA1: ea63405e4d084b0f5e06786795bac205ee15e593 SHA256: eceb1e6f74f49fccf2cf77272e681ea12693bc8f39edd4f92ec27f373cc51690 SSDeep: 96:pzwjIE1iJHzaCE2UeICb5l12Cz9pkMI8n1OXxY:V0XOHz1UeIM5/2xYOBY |
|
|
| C:\/588bce7c90097ed212/1045/eula.rtf | 4.34 KB |
MD5:
d267417aed38a36712ba9d1500c4db4e
SHA1: 83943d868f7fc288e27d939d9f56ac96ed97d417 SHA256: 1070cec7a648fd0cda7398fdf3284512ce6737bd212ef33dec996360a61335ab SSDeep: 96:W0pYg82k3KOheQBhj3PjeVESaWCAoJvpBsjSXZJbRvRfwo4YHYv4Xd:Ww46OH/fKztqsOFv90wXd |
|
|
| C:\/588bce7c90097ed212/1046/eula.rtf | 3.99 KB |
MD5:
b652099f478423577b8ef350d2bb29e6
SHA1: 6379d9fd41e19250f9fdceade642562d8b144e0f SHA256: ba7baf7111576565ce8cf69e43781a795038fd2bdb68017cbe028e08314dec00 SSDeep: 96:hb2maCWLXeyEwONVr+lmB0mahGf8Ngpj0h8iAfquPw75vZiYYY:hbub/uN0cRhaRyffPM5vNYY |
|
|
| C:\/588bce7c90097ed212/1049/eula.rtf | 53.57 KB |
MD5:
66a98b03b58bd96e79ddc86f50df46eb
SHA1: eccee8ba5a3d0d022b3f9178908dd2b3dc6a3379 SHA256: c6f2dd405b5db734eae03bde424777067a4f5d88764c5e1d3e4ee68a2ed42a62 SSDeep: 1536:sE4OMKSms4sAcHB3M15TXhm0P6aM1D9uDJDb1Lfa:srBms4sAcHBSF7P6H15wbpa |
|
|
| C:\/588bce7c90097ed212/1053/eula.rtf | 4.17 KB |
MD5:
e8ed64153ac0189b44f4b1723876b9ff
SHA1: 4809b0227306e1b8bde3d24a9cfebac423c24384 SHA256: b7f59e40bd529be70179046216b529823198a9a01cd4dcc681c94af848edce63 SSDeep: 96:7GeQ/IrUEEeKovEawFV6nSYBVGtftHwFXnrBGv8RS7sGDP84Vy:dQi5Y3YSCqftHwFrB1ks0Vy |
|
|
| C:\/588bce7c90097ed212/1055/eula.rtf | 4.16 KB |
MD5:
1244510f89551ed77d3113caf9c08cfb
SHA1: ff28d695f4d20b0b307e6130b6af610ead8b3be2 SHA256: 027f635c558431f93a52087abc01fe1b9dc390c8aa27766c083473a766f8796c SSDeep: 96:yj/DE6SyoA5NndRUNnKgtM4D3M5MTWKcH8IIa:IbE/yXPUNnvM4D3M5Zx |
|
|
| C:\/588bce7c90097ed212/2052/eula.rtf | 6.08 KB |
MD5:
a156919c857cc7c74098c9104a495858
SHA1: ccb6d4dd94481cde8e62cf3ab35c93353aa7ef9a SHA256: 2fb062f76eb75c14181f083c37fac41254a9603d101090033560821bd97c2e5d SSDeep: 96:Mavl6drKJitHTP80kD757Gu67p08FHrXxbxl3FPfVr7NeIec2U/df4qp9hdPUK:bv8txOl7X693Hrhb1tNeIec2UFQqjPd |
|
|
| C:\/588bce7c90097ed212/2070/eula.rtf | 4.31 KB |
MD5:
7358360d9c9c05197d9b86abc64051c7
SHA1: 2f6e2eb7887751b1acb2411b94f98bff411dfea9 SHA256: 62a0c26425016051ee6244e3b138839942c91a2e1f2b0a06d8cd17cfe1791557 SSDeep: 96:nQtWM6j3kWM+y12axbNSQ2Y3cFc7h0zXANCGLGFR49JLL1iPPRv:nQgM6Qh24ZHIsR3GFR4L3MPl |
|
|
| C:\/588bce7c90097ed212/3082/eula.rtf | 3.39 KB |
MD5:
a49800f7b39e79b31f8f888c3d867c64
SHA1: 2a2d1dec142e542e2699da5cde3f55092144915d SHA256: de888f87c2694bb6d2e3ebf2c59f61666067bffe1a42f735de11fc7728663ee5 SSDeep: 96:9JonksjomZJbEOYtfxt1bzj1KczPnzVBM6ZFoYvvw:9J2oKEp3vj1Km/zVBnZFzvvw |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/en-us.16/stream.x64.en-us.man.dat | 862.35 KB |
MD5:
a41a9a572741266dd07e58fa76ac76ed
SHA1: ea1635371c83d6c3bc9d9396d8173d86c1bb045c SHA256: ae70e28cb283dac08c390d2be16aff1e092a64a5d313737f55fae8d0a1e175ab SSDeep: 24576:gRvUWfuMCpFHD4OCtTS+KuKDH4iwjsJDHsWwUDddlLPflysisvI:QUWGMCLj4TuPf3LlL1ysisw |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/x-none.16/stream.x64.x-none.man.dat | 3.52 MB |
MD5:
3f10604e7d6154d000a0a665fb2cc70b
SHA1: 8352e8ace161ac13c2315e169056a03ca54ef406 SHA256: 8aa82f45f74c12496861796125f0423fe309aeb350ee593635cf7a9e5b36065a SSDeep: 49152:zogt9MKrsdj7AW2HKsCKp6vcwS+KEtBY4r0Brf5Y0Am5jD1upPXY5q9Z2hI4821+:0gTM8orK+xlEBrfCOjDmXY5qLWB825Q |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/en-us.16/stream.x64.en-us.man.dat | 862.35 KB |
MD5:
3d951e18670e67e7b18c62849e10826c
SHA1: a686e9144933108bb1293ce2ffebb76b5d8b2511 SHA256: f4b69d2c7ba3fc5529688b553d29a239fbf9868bc357c21218e6f2eb4bb51ade SSDeep: 24576:V0BoRItDc1uC6vT1pQtKiQ/+DSX5IPTkx:muRItQ1uCSwtK9G9E |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/x-none.16/stream.x64.x-none.man.dat | 3.52 MB |
MD5:
6c5e85ff602ad4102cfbcc89ee1626af
SHA1: a736b24c3ad4573e4f4c37b48b4082e3603043da SHA256: 86eaa40849bc798cbf01c6c06f1c5714f23c39016709361f1854dfcf9aced387 SSDeep: 98304:lYW58eJWGRbe7FsBaXYkU17k8afsqaDoNqy5ih4i1sxB:OWueDa7FlHYkfNaDeqyiai1sxB |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/x-none.16/stream.x86.x-none.man.dat | 4.38 MB |
MD5:
0f6642b30881233c35909f9b6492c7b1
SHA1: 9e360e133affb209714cb2bcaddf4c8f62c6aeef SHA256: b641c88708ee913fc1bd87702f2e237dbeae0c5e48fddade8b0f3934e2d8830d SSDeep: 98304:RAnckjZ5+sljU6GFGUUslG1yQ0oMvOaXeqqUNe7b+q1WYDnnq15:RvkjZ5+sljyAslIL0o/eeSeGa74 |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/x-none.16/stream.x86.x-none.man.dat | 4.38 MB |
MD5:
9923593d7ee29a126c6dbeb1f8e482d4
SHA1: f09fd4573af37df67dcb2bb994d89d00ad604220 SHA256: 4e4ef60be0805a23874cfbd23d5b8be9131ea5dd225eef077c293de923946310 SSDeep: 98304:O6gHyMT9wq1AJi8NYGj0qscMaiN6Y+592dQLAKho0hyJ:ONlbmM89guilmAKho0h6 |
|
|
| C:\/$GetCurrent\# instructions-HKJIL #.jpg | 78.31 KB |
MD5:
26f25d4e798b539cce28f3e7f13600ec
SHA1: e80d758f97cf6506501299abf494d3e3edbda5a7 SHA256: 3fab52c5c0aa2f1f6a3c47ce59be961d5b351e24fd28f6461798e6b67ffae7b2 SSDeep: 1536:i/DoubOLEa4RR8bTWLOoo0C5ccCSB2dWDEgTD5ezkgcr:ita4RR8bKiofGVCSBmeJf51r |
|
|
| C:\/$GetCurrent\# instructions-HKJIL #.vbs | 0.18 KB |
MD5:
4f061a471fe0a032b4774613273bf4b0
SHA1: ef9f75d4bb302b5711f193efacd6858709d04110 SHA256: fe725c4e6b8391ec96de6bf0a4e98e1356b596c60f66d49874c209abfa137fcf SSDeep: 3:Zo6UL2aTEhzRFTVNUMGYLakMQJAC+A6fRAxDVFcAOF0x/u5AoUrKFY2VhKoLVUT:Z7akbVmHIMxCSfm5VFcAOFZ5nPFbVhKV |
|
|
| C:\/$GetCurrent\# instructions-HKJIL #.txt | 4.17 KB |
MD5:
77291389c187b9c8b93f57d0eb5035ae
SHA1: c8e8b8a4ba03b7a474a11fa3bbd476cd6a40a92a SHA256: 5b25a2ebe11eda82848df87872d244db2c13a88eeb8157c12e568201cca3a2c5 SSDeep: 96:GFnW3ErN/RGxe8dP6qMyw2WCsS9OQqmSzTTLFsroOL52b:qnWUrxRGkW6qRw9ylqmSDL2rTY |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\/$GetCurrent/Logs/oobe_2017_09_07_03_08_57_737.log | 6.29 KB |
MD5:
84ec812800318e7671056a81aa1f35ed
SHA1: ec475bde3928208722db25c1321ced59c2298bc3 SHA256: c79e78932b0bbd481f3563112696cd603b09531a30410a217cf5fe1e4f8e0b82 SSDeep: 96:Z58oSKE1/Bagg9ZXkHKgjg7RAbbf61TwmfrPSF70l6LCAMmH:Z5rE1JabZ0tjlv618mbSOQLCFc |
|
|
| C:\/588bce7c90097ed212/1025/eula.rtf | 7.78 KB |
MD5:
924ec43e2757056f735061f5e4a2d481
SHA1: 69e2b38506c6b457350ea255180de57155fe6f04 SHA256: 77bd93cc13f28189d12c690490417fde49679d729328a157d1e9b4db8a7c414c SSDeep: 192:vB26lRZGD+zlUR0WL0o/U1e/F2DCeKYLZdua6G:vVDZGDAno/yRCWFk7G |
|
|
| C:\/588bce7c90097ed212/1029/eula.rtf | 4.03 KB |
MD5:
8efe489ed9841e0170fa8d87b1a6a002
SHA1: 6db57ab735ff0d5181b43abfba9c5b03a7de57ac SHA256: dfbd4f90720bc960bb65f647dc148601feec787323d0876a89543befcedeab89 SSDeep: 96:3TIdVFAk3bdA+Hrjvseqo5TBl64gB27YHxiux19Ktbngewp/3eJaSzGV:3TIfdA+Men5dNgB277yQgFV3MaD |
|
|
| C:\/588bce7c90097ed212/1032/eula.rtf | 8.67 KB |
MD5:
a8880bf03579222859f25347f836771f
SHA1: aae58c20b555c1bfd5830b2a19834a88cae6c6dc SHA256: 854ef94028a3ad8bd652eddb9cbd857ddcb601ec3b76bc0e54de78b015c85d9c SSDeep: 192:pDUb/95SWlEVXpU6QN42Zh5UVY9tj8u6y5LJEyuD:pwbVwWeVXpU6I42QStAk9JWD |
|
|
| C:\/588bce7c90097ed212/1035/eula.rtf | 3.62 KB |
MD5:
b7537df41a92ae6d29192d7cfe2a27af
SHA1: aa7babf38276342777ad98c9fcd4e284c2fc8196 SHA256: a5311e46865756379102775594a1318dc27dcb53482907f6b2d0cbc65291cafa SSDeep: 96:FeHDhYrJCnXcif/HXFGTx607Afj1iE3bvTzl9JTk:ourJCnXcg/3cbcb1iExnk |
|
|
| C:\/588bce7c90097ed212/1038/eula.rtf | 4.55 KB |
MD5:
27c5e903fe2d8ce81a078aba9d6b11ad
SHA1: 59e7f64cd32325a1841957928398621283677d3d SHA256: e8bb864c242c6b7590fb20bea53788b98ea70ba24cddf38d467f623da9128709 SSDeep: 96:CFGTrTrLqs/e8TVhAiO1dBSIlIGLvXAYGxuozCTOJzFUj4XT+qp:CFaTr2s/NhA/1doIWAXzGxuozd3Uj4XB |
|
|
| C:\/588bce7c90097ed212/1043/eula.rtf | 3.46 KB |
MD5:
637866c102a88cae464daa531e28fca4
SHA1: c8a5ae01397375624b3eefc0679a400fcba9532a SHA256: d5e131e1c2deb2ca1bd09d081de5ce76349f83010b4ce7e237ac6bcea7b25e36 SSDeep: 96:ghDjyUy/mqv5uGIocXSAgTe5Bt4kHiqQdn:UPy/mqv5uQD7Ggn |
|
|
| C:\/588bce7c90097ed212/3076/eula.rtf | 6.55 KB |
MD5:
0862b6491f86e7fb16bdcff6448f52f6
SHA1: fe3f4b6cb6195b812c879c081a363aeb4e02a676 SHA256: c7add0d7a78a0e8c530be2f61f0cae20f8b924557a3e5e40cb4b419e4ae8c8f5 SSDeep: 192:f0bEJNSDg41JfnM4phMQDD5zrAmefTzyUN/:cLD/fnMAxDD1rfACu |
|
|
| C:\/Boot/BOOTSTAT.DAT | 64.40 KB |
MD5:
c190c69fbd53cec62b7007fb6ba0160b
SHA1: 2beeed1903aed776faafad3eb1e2c1d24f75444b SHA256: 16838b6b192e11ae543caa1996a56bb1e98ff576f7519f3058f4dccc13d37444 SSDeep: 1536:4WVzQTlvEwoyRg0WQ4LetidsovNJr2aWE22DhEJqJnN4A94nRUq9a0:A5vL+0WdSi1eTeeIPq9f |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/en-us.16/stream.x64.en-us.man.dat | 861.94 KB |
MD5:
ea408c9e08018dc8916bd4a0df6e56fd
SHA1: 9fc656963898bba59edc2a9cb8a81bf4bdaa3636 SHA256: a35e7022738108c2bb56952b3bdb6d7429ce827a09cb123fae20c28d273d3146 SSDeep: 24576:WHfPh3pgDDvVAH5X5gGVVGMRRskofkNUBHtx34JvXTx:WHYvC5XnTszjHXoVd |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/en-us.16/stream.x64.en-us.man.dat | 862.35 KB |
MD5:
a7d8661173c938a3449ef43d6017b20d
SHA1: bd8f7be8e24a0937645748b9c68a852c4dc2e2f0 SHA256: 52697da012d507f433f9b9bb4e41347567921554031bea6e3f93a691e03ffa70 SSDeep: 24576:WHfPh3pgDDvVAH5X5gGVVGMRRskofkNUBHtx34JvXT5:WHYvC5XnTszjHXoV1 |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/x-none.16/stream.x64.x-none.man.dat | 3.52 MB |
MD5:
f1a5c5608066eced2ceac988f874734a
SHA1: dbf44d1f150e3102d32a94432ed5bcb425b21aa5 SHA256: 886702680ff25be4328a7ad397b903ef835a3e560bdd70f67b9100365eebc119 SSDeep: 49152:wF2ZscqQL7zzyBXIozDvnqdXP+DFaP9ItySltEp8cOAGZCDZuCvMVw4Y+NMXx+33:e2ddyWo/v0GDkPo5cOWZuiFW |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/en-us.16/stream.x86.en-us.man.dat | 1.03 MB |
MD5:
1457958305451ee8e61a860e8a1ae7aa
SHA1: 8dc6a6616c3484b10c635fdf8e1e5772f2089a7d SHA256: c0c4c9bb0eb5b030144846052ccb9508c90ee3a9a0d18f4783c3c9ba8621bb0e SSDeep: 24576:p5xIuQYn5QjM8ejLQ/b7zvgwhdEVZErDwDfYUG3IYgU:CuQGSgC/bAwHHDwjYUGY5U |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/x-none.16/stream.x86.x-none.man.dat | 4.38 MB |
MD5:
f43e8b305cd61cb29d1cbecfd6bf692e
SHA1: d94fa2ffaced842f857d05b0b98159eb5d1fc11e SHA256: 70ca056393a2da7cc07db5c46e07714aa118f15947152dd1642df7f3a59e1456 SSDeep: 98304:RAnckjZ5+sljU6GFGUUslG1yQ0oMvOaXeqqUNe7b+q1WYDnnq1Z:RvkjZ5+sljyAslIL0o/eeSeGa7Y |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/en-us.16/stream.x86.en-us.man.dat | 1.03 MB |
MD5:
374af09e5828a1da8c63f0cd0ef35e51
SHA1: 71ed70ad5066ef25c5970351b280722ccbb2cdba SHA256: 60fc8014f9d9cc8eb40e4394735891d8d47d28f9a51e503f4d646e62e5960761 SSDeep: 24576:8eaZKzGHVsyOLlpchx8wggVav+8xlQffCmupLG57rmNXyHx:85FV5OI8wgYav+5VuR0GNiHx |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/x-none.16/stream.x86.x-none.man.dat | 4.38 MB |
MD5:
691ce461c8f9f9daddea229f52f28d4f
SHA1: 3925380a23f395eb56f0964011d6a1ec53e0cb6e SHA256: ef88fdc87823831439bcb5efb3b7383e1a68745254091e30fe9cdedd924c85be SSDeep: 98304:O6gHyMT9wq1AJi8NYGj0qscMaiN6Y+592dQLAKho0hyw:ONlbmM89guilmAKho0hL |
|
|
| C:\/$GetCurrent/Logs/PartnerSetupCompleteResult.log | 0.04 KB |
MD5:
cd80735904ab0ce3fe1e23fc484a2b10
SHA1: 4b54bd182305e0c7b7826317c24b2c6320cab35d SHA256: 2496410d41f38365e38369c0350dfd1d2eabcb1b21f23c7195c9e6b9f6ddb939 SSDeep: 3:xGl99Tl91p8:Af9BXO |
|
|
| C:\/$GetCurrent/Logs/PartnerSetupCompleteResult.log | 0.46 KB |
MD5:
a94dec3ae8cd01093936f7551ffa69b8
SHA1: eaab2376153cc1f783bc536712894b8d42f280b5 SHA256: 37305d06a5cab5341ae91a5191a3cb4a148117e1f5359115eab0cdd65aab06e2 SSDeep: 12:4xV2nXJaJa+PRiTp3jbg4Zy/hYeFXXLHyFXLnmg+xlVH:4D2nXJaJaDp3jbzZiY+XXLHeXz4D |
|
|
| C:\/$GetCurrent/Logs/downlevel_2017_09_07_02_02_39_766.log | 41.67 KB |
MD5:
e07172701ffb11015248735f342dbb8c
SHA1: 1d8d383408b4ed47eb4be79a575f726bd5560075 SHA256: e337f5f1efe12450381033cd5c46c535c22159785884ad07e5fa2fd003dcb658 SSDeep: 768:d1IadYT1jekJvtRfukr+kLlJfPH/Bl8kNwhEe/ceAW/2:d1tA/RfDfDJl8kNwqaGU2 |
|
|
| C:\/$GetCurrent/Logs/downlevel_2017_09_07_02_02_39_766.log | 42.11 KB |
MD5:
296823f90a2034fa4babd29420fda2dd
SHA1: 5a6f936e519ba40c72e4b9b78363ed4109af6d0b SHA256: a47215546545d5089283725c3689906b1b386a4e43717754bbd5a81df24b4672 SSDeep: 768:d1IadYT1jekJvtRfukr+kLlJfPH/Bl8kNwhEe/ceAW/C:d1tA/RfDfDJl8kNwqaGUC |
|
|
| C:\/$GetCurrent/Logs/oobe_2017_09_07_03_08_57_737.log | 5.86 KB |
MD5:
4346695eef64f10a8c4c3ce4a47944a6
SHA1: 0093c6935d489eaef36ce8447493568978c35fe7 SHA256: b720ecacd995ba988b860c5fb374b10c036b75f0f3a812092589883eb4e01a7e SSDeep: 96:Z58oSKE1/Bagg9ZXkHKgjg7RAbbf61TwmfrPSF70l6U:Z5rE1JabZ0tjlv618mbSOQU |
|
|
| C:\/588bce7c90097ed212/DHtmlHeader.html | 15.74 KB |
MD5:
f69524f191cd2796f98ba444227be24c
SHA1: 9b8a99d345d337363f4c6e428b95a8674397f35e SHA256: 0e894d7772ef59c8b4a722f6e138964528f5b4c239eab0def5005abc5a238405 SSDeep: 384:rERDzcP1HBiGR3AUyVvLnfzN90f+xega0/9iVWYry5cSaDC:rERDzcP1HBATVv7zNmGxNv/9iZytaDC |
|
|
| C:\/588bce7c90097ed212/DHtmlHeader.html | 16.14 KB |
MD5:
455d25bb24b8fea018e03eaff441f940
SHA1: 87ce4c40872243051f0abfde910edfdaa23e217a SHA256: d82afd95430edd316f18ebac6de959e83940f3294c47d8dd61e60370cf69b4dd SSDeep: 384:rERDzcP1HBiGR3AUyVvLnfzN90f+xega0/9iVWYry5cSaDB:rERDzcP1HBATVv7zNmGxNv/9iZytaDB |
|
|
| C:\/588bce7c90097ed212/1025/eula.rtf | 7.39 KB |
MD5:
54e523f0f320a696d3466f5d651fe426
SHA1: ce33f26a6f7154957a74c844cacd7729bd8c47c3 SHA256: 52fe000a630efbd532d54a8447d881904580b47957c2eff0d449ef3cb5c689cf SSDeep: 192:vB26lRZGD+zlUR0WL0o/U1e/F2DCeKYLZduaI:vVDZGDAno/yRCWFk9 |
|
|
| C:\/588bce7c90097ed212/1028/eula.rtf | 6.16 KB |
MD5:
530be2a1516c16961c5ab537897a16b8
SHA1: ec1d382a39ea46129bc6a784b6c01e3acb62a37b SHA256: c8dafa9a3744e9af3ca64f30f92d03087cbfe587352c3683b7d9c5bd5ed866a9 SSDeep: 96:BLmB9v5B412PMFDpItcdZ88CKuCFWNwQqcGnEj93Vpzquiv24GVX2N0UxV/tB2T7:BaB9418YDp8c4JfWWJFcszNjUxh2T7 |
|
|
| C:\/588bce7c90097ed212/1028/eula.rtf | 6.55 KB |
MD5:
91d870c1a4c285bbda8c66582aa8d927
SHA1: d301c62714a25a7b4a515ea5235e40c9e58106e1 SHA256: f431f540280dc73ff31ac11b76f1d5ac3fdf99a6d7601eaed331d9e406cc06d9 SSDeep: 96:BLmB9v5B412PMFDpItcdZ88CKuCFWNwQqcGnEj93Vpzquiv24GVX2N0UxV/tB2To:BaB9418YDp8c4JfWWJFcszNjUxh2TY1p |
|
|
| C:\/588bce7c90097ed212/1029/eula.rtf | 3.64 KB |
MD5:
c611a2be85d70926fccb73ecb8eb9364
SHA1: 28fddb06a358f6d77016a0a02e20eabb9ac8bdb0 SHA256: 0c5b0e9d6ca00e37fc58ecf35920c318ff8ece5be4a8be9cef4a8b919d6d06a7 SSDeep: 96:3TIdVFAk3bdA+Hrjvseqo5TBl64gB27YHxiux19Ktbngewp/3eJaB:3TIfdA+Men5dNgB277yQgFV3MaB |
|
|
| C:\/588bce7c90097ed212/1030/eula.rtf | 3.24 KB |
MD5:
9167f2b1496172be6964ad15f6fe8ae2
SHA1: fb9dd563b7feb0ef9a6aa8c7e4db6feb0a24eb30 SHA256: 028ebc161f7cc5fce6ffcffe43b4d3b81709b8ef5ef967ba21f73eff4c24335d SSDeep: 96:FTr3uwbuc/4Zn65dzNxSezce6XIQKXHKvn:FWwbxan6LJx9oJa6 |
|
|
| C:\/588bce7c90097ed212/1030/eula.rtf | 3.63 KB |
MD5:
5cd786f065f8b130db378eceaa58d74f
SHA1: b8e290b78334a0c069344ded837acf2a9713d315 SHA256: 01cb736cb09a4be11962207e4771b5ab6e9355e92718f6a80afbb8f71440214e SSDeep: 96:FTr3uwbuc/4Zn65dzNxSezce6XIQKXHKvf4K:FWwbxan6LJx9oJahK |
|
|
| C:\/588bce7c90097ed212/1031/eula.rtf | 3.34 KB |
MD5:
39d0c6818a79ac5b35af7d0c157e748f
SHA1: ec2dcfb1ffe31475e860de70977efac9a0d027b3 SHA256: 683059ffc904dfbc54289ec0d71ad1703ce0c6b00a0b5d532bc304ce7ba10e27 SSDeep: 96:0lOdqjiTSjY7ZCniimu6I4GP76dUIKWEj:3d2ij7Yiimu6mP76dUIKWi |
|
|
| C:\/588bce7c90097ed212/1031/eula.rtf | 3.73 KB |
MD5:
dda3f14d787e96f76cdeffe334f91517
SHA1: 3b014f10014325b1fc114a5bcb3ada4a386917e1 SHA256: 101ad17d6ecd396791b518a5bf9fb338b39832ddaca35620357b88f24dedb2fe SSDeep: 96:0lOdqjiTSjY7ZCniimu6I4GP76dUIKWEUxI:3d2ij7Yiimu6mP76dUIKWnI |
|
|
| C:\/588bce7c90097ed212/1032/eula.rtf | 9.06 KB |
MD5:
80e4b2b164987165d576cf7290d29585
SHA1: 1eaa9d602d190eec900c01f2e2d68f893cc1e499 SHA256: 6d04f9860d2654bc63ca42dc210e3bdd64f9928066d222fcb263794a57e390b7 SSDeep: 192:pDUb/95SWlEVXpU6QN42Zh5UVY9tj8u6y5LJEyu1Y:pwbVwWeVXpU6I42QStAk9JW1Y |
|
|
| C:\/588bce7c90097ed212/1033/eula.rtf | 3.11 KB |
MD5:
6b537854b627f5b322b725a3d33ba2b9
SHA1: 7a5a099a4d79e66ca4cb31fb49baca61bcd35e38 SHA256: 8a841f06f5d1863159e24ee6f056a43db48c3035ca8c9494082632e451347087 SSDeep: 96:wdSjHXEIgjKu8JS5PDpFbsMF9hpaGpG4PRPY+:7jHZVu+GFlvJppJh |
|
|
| C:\/588bce7c90097ed212/1033/eula.rtf | 3.51 KB |
MD5:
74f38ad8ea3079534367e176173d95c4
SHA1: f109788470dbadeaeb617aac189d6ce2e54da574 SHA256: 07faf92e4e12aa4e584954dd53b73764058799d56fe1c34c85f19b634ba84776 SSDeep: 96:wdSjHXEIgjKu8JS5PDpFbsMF9hpaGpG4PRPYHghk:7jHZVu+GFlvJppJ2gG |
|
|
| C:\/588bce7c90097ed212/1035/eula.rtf | 4.01 KB |
MD5:
64cb7e5a264b7d596d6fce3454eb27ef
SHA1: 057ca022dfbc489f2804904b52b5e0fc2bc0acb2 SHA256: 02db4a7a5f523fead89f52223e6e94a7a52a7d841dff6036e55d460011f923e3 SSDeep: 96:FeHDhYrJCnXcif/HXFGTx607Afj1iE3bvTzl9JTCZ:ourJCnXcg/3cbcb1iExn8 |
|
|
| C:\/588bce7c90097ed212/1036/eula.rtf | 3.44 KB |
MD5:
6a8b920cdb6cb395b9370ffee2f2e384
SHA1: 04f45786e324ba5e3ecdead4fbce4b29c8fa2f72 SHA256: 78d9244b6cb1ecd5edf25416cbe3ca41843f3fdd6367dac46790b8c016b1dfff SSDeep: 96:asrmMbXB/OT3o8tCbticovcYEfFvQLOYNnD:aImMbR/OT3bUkcovcVILOw |
|
|
| C:\/588bce7c90097ed212/1036/eula.rtf | 3.84 KB |
MD5:
178c12449a0052f0c36264882e4d08c3
SHA1: dc6a732ceef09cfcd40ea2ebeb82e760541733db SHA256: 7df32937312e99976de7c1f43f275bce814f9337c98eb89f5410615af3d6785c SSDeep: 96:asrmMbXB/OT3o8tCbticovcYEfFvQLOYNnQ:aImMbR/OT3bUkcovcVILOL |
|
|
| C:\/588bce7c90097ed212/1037/eula.rtf | 6.69 KB |
MD5:
bb74e14dc3259da32c1b59b4308cb7a6
SHA1: 62c9b067e22647f38ba3d9ed4b87fe105a98913f SHA256: 1a7b7f68b5ec13ff5331aa61043cfa9f3ea24c42d26d8e93c5534c3d180daa59 SSDeep: 192:KV3Q7VrJBJheJKAukFi3ONPA2/xpnVDq+BOxl:mmrrCJKu00lxpV++y |
|
|
| C:\/588bce7c90097ed212/1037/eula.rtf | 7.08 KB |
MD5:
fda26aac2c8f7c7857264c8f8b0a094b
SHA1: bc90b8b1ca1db35808e25b39fb1d9b45f4140035 SHA256: d43e73951ab96460aec75e846e7d3b20e3498fc31c1edefa94173563970d0137 SSDeep: 192:KV3Q7VrJBJheJKAukFi3ONPA2/xpnVDq+BOxg:mmrrCJKu00lxpV++f |
|
|
| C:\/588bce7c90097ed212/1038/eula.rtf | 4.15 KB |
MD5:
14eff5204f16e82fb9ca30979f077e47
SHA1: 91f846ce2e1d4758cf522764ad92b64ce0a0517f SHA256: aa9581988350cca82f8a72446e3e9ba94d6fd8c417258d460ea90a26b8e2eb6c SSDeep: 96:CFGTrTrLqs/e8TVhAiO1dBSIlIGLvXAYGxuozCTOJzFUj4n:CFaTr2s/NhA/1doIWAXzGxuozd3Uj4n |
|
|
| C:\/588bce7c90097ed212/1040/eula.rtf | 3.56 KB |
MD5:
b5a59bc8488e21a59c8141e9d4406a9b
SHA1: 368d789231daa70f812cf6a1032e9395a15a8f0d SHA256: e05d1f740e3844a3d636451ed70f4ce4204297e301b18ac7ad28709ee02a6883 SSDeep: 96:jI8ItMDaJf2o7r4gZ6Mh8G1EIHZaZjriz1ZS2R:qt6QfJQMhxvHZ4+xZS2R |
|
|
| C:\/588bce7c90097ed212/1040/eula.rtf | 3.95 KB |
MD5:
aa279c0426bb28d66425b709692944df
SHA1: d8b21d2c81464d4415325035b57639bc9e0da960 SHA256: 1f1216f4a7483f8af78a30e64bd712558ddc281cb9db73334c69b1443eff0c27 SSDeep: 96:jI8ItMDaJf2o7r4gZ6Mh8G1EIHZaZjriz1ZS2y0q:qt6QfJQMhxvHZ4+xZS2hq |
|
|
| C:\/588bce7c90097ed212/1041/eula.rtf | 9.89 KB |
MD5:
c5a7260bdcfb4fe714cdca0146bdd510
SHA1: 943208099ecdc93ea8a46e8527c8d9e9c1140cb4 SHA256: 301170f884ee8f60747400ee57481c5b762193b50b1501add560a129399217cd SSDeep: 192:pP36MKgrHJ/psPb6RtWE/jGrebgqQC8OayecofBe:pv6MKgrphx3/zgqQC4Ls |
|
|
| C:\/588bce7c90097ed212/1041/eula.rtf | 10.28 KB |
MD5:
19de8aff6dacc6873c6bd4eeca00ba91
SHA1: 3529194ce403f75d776ef7a2dc40153a88451a4d SHA256: 62d84fb0536fad075182d9bb1ef8e9ef076605b785285db71060eb5e818bedd1 SSDeep: 192:pP36MKgrHJ/psPb6RtWE/jGrebgqQC8OayecofBsVo:pv6MKgrphx3/zgqQC4L/ |
|
|
| C:\/588bce7c90097ed212/1042/eula.rtf | 12.39 KB |
MD5:
d5708a5f935f703048cf8582dc624190
SHA1: a33538eeb5ec45e45938663cbbd9a2fa75f91b2d SHA256: 2c0a6028f16a99f8753fed9e7b29718398ee5183379282b4dc17b9e95ea0e3eb SSDeep: 384:8nFXYitH62lbpQJOivT8xBbGSc4fDUTGjc/C2rgzv9n:CFd65giwWI/x |
|
|
| C:\/588bce7c90097ed212/1042/eula.rtf | 12.78 KB |
MD5:
f42e85c000e606cc6e00a010a26f2a50
SHA1: 0fd3e574d7ff5de017dbc0a417e54483eddcb2da SHA256: 5ff8f8c9ea5c037a3bfa56ca473cdeef053320ed7d237b7768b977844c7dbc59 SSDeep: 384:8nFXYitH62lbpQJOivT8xBbGSc4fDUTGjc/C2rgzv9JK:CFd65giwWI/K |
|
|
| C:\/588bce7c90097ed212/1043/eula.rtf | 3.86 KB |
MD5:
d97211c4f4be375db70609c7bc5407f5
SHA1: b9621ac5827840e6d036bfc41d3454de603a279c SHA256: 22c5dc94c2ca24ce437a45b93c755915c3156d0cbbc1ac67bfd992d9ea93538c SSDeep: 96:ghDjyUy/mqv5uGIocXSAgTe5Bt4kHiqQdKtO:UPy/mqv5uQD7GgKg |
|
|
| C:\/588bce7c90097ed212/1044/eula.rtf | 2.97 KB |
MD5:
b79221b0f322b2ef03b6b8a4f3cd8d74
SHA1: efc4831d8b999701a17cad896123a07555184aed SHA256: 38cbaaf3330c0784020f63150993a9ec9cd391ce3956be6c0437b00403f0f2fc SSDeep: 48:KSzwjIT47mKXyQFgHzaC5v+jkucbUeICbMC9lZjLSCz9p/cMQJTmaNan1Olgu:pzwjIE1iJHzaCE2UeICb5l12Cz9pkMId |
|
|
| C:\/588bce7c90097ed212/1044/eula.rtf | 3.37 KB |
MD5:
0cf576ee7e6f2430dcc73d6de22d4a39
SHA1: ea63405e4d084b0f5e06786795bac205ee15e593 SHA256: eceb1e6f74f49fccf2cf77272e681ea12693bc8f39edd4f92ec27f373cc51690 SSDeep: 96:pzwjIE1iJHzaCE2UeICb5l12Cz9pkMI8n1OXxY:V0XOHz1UeIM5/2xYOBY |
|
|
| C:\/588bce7c90097ed212/1045/eula.rtf | 3.95 KB |
MD5:
f55bca5044f6df73efc3e2672b904723
SHA1: 8ee82fd9b59cc4960a2b99855417c2b7d68bb758 SHA256: cd436f6fdfd507537850a03d5f0811274770e9210a04f75d4da79cf7c1fe84f1 SSDeep: 96:W0pYg82k3KOheQBhj3PjeVESaWCAoJvpBsjSXZJbRvRfwo4YHYv4XI:Ww46OH/fKztqsOFv90wXI |
|
|
| C:\/588bce7c90097ed212/1045/eula.rtf | 4.34 KB |
MD5:
d267417aed38a36712ba9d1500c4db4e
SHA1: 83943d868f7fc288e27d939d9f56ac96ed97d417 SHA256: 1070cec7a648fd0cda7398fdf3284512ce6737bd212ef33dec996360a61335ab SSDeep: 96:W0pYg82k3KOheQBhj3PjeVESaWCAoJvpBsjSXZJbRvRfwo4YHYv4Xd:Ww46OH/fKztqsOFv90wXd |
|
|
| C:\/588bce7c90097ed212/1046/eula.rtf | 3.60 KB |
MD5:
3c64403466271382a33bed1502a04c75
SHA1: 438da3257aeceaadb963087dd89bb78cb396fe6e SHA256: 065c0f5b4728ac3dbd52708ff7c198e37162bebb6420b2585fcc6a67196d3e52 SSDeep: 96:hb2maCWLXeyEwONVr+lmB0mahGf8Ngpj0h8iAfquPw7S:hbub/uN0cRhaRyffPMS |
|
|
| C:\/588bce7c90097ed212/1046/eula.rtf | 3.99 KB |
MD5:
b652099f478423577b8ef350d2bb29e6
SHA1: 6379d9fd41e19250f9fdceade642562d8b144e0f SHA256: ba7baf7111576565ce8cf69e43781a795038fd2bdb68017cbe028e08314dec00 SSDeep: 96:hb2maCWLXeyEwONVr+lmB0mahGf8Ngpj0h8iAfquPw75vZiYYY:hbub/uN0cRhaRyffPM5vNYY |
|
|
| C:\/588bce7c90097ed212/1049/eula.rtf | 53.18 KB |
MD5:
3e7951e2913f39c41c4b33e6417e9f73
SHA1: ef5782dfbf15fce317062e7f7a1aff421b26bb5d SHA256: 55d9b0bcf6c3e5a913311459011aadbc66a1570f6a98faa0757dab90b4285123 SSDeep: 1536:sE4OMKSms4sAcHB3M15TXhm0P6aM1D9uDJDb1Lfa:srBms4sAcHBSF7P6H15wbpa |
|
|
| C:\/588bce7c90097ed212/1049/eula.rtf | 53.57 KB |
MD5:
66a98b03b58bd96e79ddc86f50df46eb
SHA1: eccee8ba5a3d0d022b3f9178908dd2b3dc6a3379 SHA256: c6f2dd405b5db734eae03bde424777067a4f5d88764c5e1d3e4ee68a2ed42a62 SSDeep: 1536:sE4OMKSms4sAcHB3M15TXhm0P6aM1D9uDJDb1Lfa:srBms4sAcHBSF7P6H15wbpa |
|
|
| C:\/588bce7c90097ed212/1053/eula.rtf | 3.77 KB |
MD5:
c7bb076a12b3261ad1e287bf9ed130a1
SHA1: 06ac0b7578fa4c2bb276b1e69f45e975e16c3475 SHA256: 37676a34eb20276d530eb591bf1ecd53badc46c2747ec894c47dcf263d4f1546 SSDeep: 96:7GeQ/IrUEEeKovEawFV6nSYBVGtftHwFXnrBGv8RS7sGDPx:dQi5Y3YSCqftHwFrB1ksq |
|
|
| C:\/588bce7c90097ed212/1053/eula.rtf | 4.17 KB |
MD5:
e8ed64153ac0189b44f4b1723876b9ff
SHA1: 4809b0227306e1b8bde3d24a9cfebac423c24384 SHA256: b7f59e40bd529be70179046216b529823198a9a01cd4dcc681c94af848edce63 SSDeep: 96:7GeQ/IrUEEeKovEawFV6nSYBVGtftHwFXnrBGv8RS7sGDP84Vy:dQi5Y3YSCqftHwFrB1ks0Vy |
|
|
| C:\/588bce7c90097ed212/1055/eula.rtf | 3.77 KB |
MD5:
7df37c7e796926e15e5a32120a122db4
SHA1: f4f0f66c49178f56574f0346c5396aec033ade70 SHA256: 59f395a6f29993eef9ce1afb7d58a0fb6aa14253733e4bbefd8f96d891e5589a SSDeep: 96:yj/DE6SyoA5NndRUNnKgtM4D3M5MTWKcHu:IbE/yXPUNnvM4D3M5Zc |
|
|
| C:\/588bce7c90097ed212/1055/eula.rtf | 4.16 KB |
MD5:
1244510f89551ed77d3113caf9c08cfb
SHA1: ff28d695f4d20b0b307e6130b6af610ead8b3be2 SHA256: 027f635c558431f93a52087abc01fe1b9dc390c8aa27766c083473a766f8796c SSDeep: 96:yj/DE6SyoA5NndRUNnKgtM4D3M5MTWKcH8IIa:IbE/yXPUNnvM4D3M5Zx |
|
|
| C:\/588bce7c90097ed212/2052/eula.rtf | 5.69 KB |
MD5:
c9ea181983d16f93cf1e4b0a4031f210
SHA1: 707596ef43effd20cbd34fb1a0a5feda42a3fc1a SHA256: c64280413d0d7855a61a3083f258be39a995e3dbb0623a53b6e528b921beddef SSDeep: 96:Mavl6drKJitHTP80kD757Gu67p08FHrXxbxl3FPfVr7NeIec2U/df4qp9hq:bv8txOl7X693Hrhb1tNeIec2UFQqU |
|
|
| C:\/588bce7c90097ed212/2052/eula.rtf | 6.08 KB |
MD5:
a156919c857cc7c74098c9104a495858
SHA1: ccb6d4dd94481cde8e62cf3ab35c93353aa7ef9a SHA256: 2fb062f76eb75c14181f083c37fac41254a9603d101090033560821bd97c2e5d SSDeep: 96:Mavl6drKJitHTP80kD757Gu67p08FHrXxbxl3FPfVr7NeIec2U/df4qp9hdPUK:bv8txOl7X693Hrhb1tNeIec2UFQqjPd |
|
|
| C:\/588bce7c90097ed212/2070/eula.rtf | 3.92 KB |
MD5:
f462544d2600b509944ff7afc32f90cb
SHA1: b4e07afcc45c68d51a19913f226cc7c7bb028733 SHA256: 5a7f73e29084a10d0d260ed85a56b2458ce9357d761c8b5880120aef621e0b64 SSDeep: 96:nQtWM6j3kWM+y12axbNSQ2Y3cFc7h0zXANCGLGFR49JLL1/:nQgM6Qh24ZHIsR3GFR4L3B |
|
|
| C:\/588bce7c90097ed212/2070/eula.rtf | 4.31 KB |
MD5:
7358360d9c9c05197d9b86abc64051c7
SHA1: 2f6e2eb7887751b1acb2411b94f98bff411dfea9 SHA256: 62a0c26425016051ee6244e3b138839942c91a2e1f2b0a06d8cd17cfe1791557 SSDeep: 96:nQtWM6j3kWM+y12axbNSQ2Y3cFc7h0zXANCGLGFR49JLL1iPPRv:nQgM6Qh24ZHIsR3GFR4L3MPl |
|
|
| C:\/588bce7c90097ed212/3076/eula.rtf | 6.16 KB |
MD5:
b67fd6263d2b69214f058bc3a494822c
SHA1: 1f738a4a3f84e3a7180d680fb9c365d51f7154cc SHA256: f7eb7ef45c879e1005d639ad58089eb5fa52508921420f784f20e0ed804b6e3f SSDeep: 96:lx2zaIjE9/L+CSDng41GyfvfMG/drhrgQSHtapJDTtT/HCL4xbuBVE/WrTTdtDrq:f0bEJNSDg41JfnM4phMQDD5zrAmefTzq |
|
|
| C:\/588bce7c90097ed212/3082/eula.rtf | 3.00 KB |
MD5:
1b448a9f754bda4bb39ec6efa4a7d04d
SHA1: 147caf710df6b55b1f1cf42196408e411b1a5017 SHA256: 797515d280853d12c10b889160b7aeb53d8ad72964040d44fd240943d8f3f1b8 SSDeep: 48:9JBa5j6S9LtqMQkjoR8s8ZJbqDN39O5WVWWKnZclHVSeM8kt8H7zXT1KczP7emCC:9JonksjomZJbEOYtfxt1bzj1KczPnzVR |
|
|
| C:\/588bce7c90097ed212/3082/eula.rtf | 3.39 KB |
MD5:
a49800f7b39e79b31f8f888c3d867c64
SHA1: 2a2d1dec142e542e2699da5cde3f55092144915d SHA256: de888f87c2694bb6d2e3ebf2c59f61666067bffe1a42f735de11fc7728663ee5 SSDeep: 96:9JonksjomZJbEOYtfxt1bzj1KczPnzVBM6ZFoYvvw:9J2oKEp3vj1Km/zVBnZFzvvw |
|
|
| C:\/Boot/BOOTSTAT.DAT | 64.00 KB |
MD5:
a5d39c10aee29c0f6ce9b8dddb7a7f2c
SHA1: 41d57080899965e8de537b0940a0573fcf34a48c SHA256: f4c3734e75a0de458aceae14e25df0c3247596ce9806507d4250189ebc5bf45c SSDeep: 1536:4WVzQTlvEwoyRg0WQ4LetidsovNJr2aWE22DhEJqJnN4A94nRUq9aZ:A5vL+0WdSi1eTeeIPq9+ |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/en-us.16/stream.x64.en-us.man.dat | 861.94 KB |
MD5:
ce63b24aa2d519cfc960522bae91212a
SHA1: cc65747f489ea236617f8f01ddd224e3e4c20182 SHA256: 68335319b8de543753442bdc246c7587bcb278b78b6105e547a0509072a762b7 SSDeep: 24576:gRvUWfuMCpFHD4OCtTS+KuKDH4iwjsJDHsWwUDddlLPflysisvG:QUWGMCLj4TuPf3LlL1ysisO |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/en-us.16/stream.x64.en-us.man.dat | 862.35 KB |
MD5:
a41a9a572741266dd07e58fa76ac76ed
SHA1: ea1635371c83d6c3bc9d9396d8173d86c1bb045c SHA256: ae70e28cb283dac08c390d2be16aff1e092a64a5d313737f55fae8d0a1e175ab SSDeep: 24576:gRvUWfuMCpFHD4OCtTS+KuKDH4iwjsJDHsWwUDddlLPflysisvI:QUWGMCLj4TuPf3LlL1ysisw |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/x-none.16/stream.x64.x-none.man.dat | 3.52 MB |
MD5:
53df83ed4dc16184006579394d03fa74
SHA1: 55512807d45dd6e707d5c32070e9a44fb085a41b SHA256: 9d276b12d92b4eb6b8355bf372c6179bfed6b4478debf47e1fcc86041e2982f1 SSDeep: 49152:zogt9MKrsdj7AW2HKsCKp6vcwS+KEtBY4r0Brf5Y0Am5jD1upPXY5q9Z2hI4821Z:0gTM8orK+xlEBrfCOjDmXY5qLWB825z |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/x-none.16/stream.x64.x-none.man.dat | 3.52 MB |
MD5:
3f10604e7d6154d000a0a665fb2cc70b
SHA1: 8352e8ace161ac13c2315e169056a03ca54ef406 SHA256: 8aa82f45f74c12496861796125f0423fe309aeb350ee593635cf7a9e5b36065a SSDeep: 49152:zogt9MKrsdj7AW2HKsCKp6vcwS+KEtBY4r0Brf5Y0Am5jD1upPXY5q9Z2hI4821+:0gTM8orK+xlEBrfCOjDmXY5qLWB825Q |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/x-none.16/stream.x64.x-none.man.dat | 3.52 MB |
MD5:
778c9a816fcd1e3e3d92a66e0bdf9a7d
SHA1: 2560bacc5ed44836b20e647f7c7ea2319d3adc4c SHA256: cc496bd415d5d24a31f7cf132400ba2746587b0b92ee4db88b22b5545cc5ad42 SSDeep: 49152:wF2ZscqQL7zzyBXIozDvnqdXP+DFaP9ItySltEp8cOAGZCDZuCvMVw4Y+NMXx+3M:e2ddyWo/v0GDkPo5cOWZuiF1 |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/en-us.16/stream.x64.en-us.man.dat | 861.94 KB |
MD5:
21cf3caec9b7b42a67302fbd4f43eeea
SHA1: 23c5a1b63b2dd54db84d56e44e034f004c88806e SHA256: 0e77258bb77ab2522573734a20aa7e1eccb7b5cb8a7a8c35dec0a75faf4a08ed SSDeep: 24576:V0BoRItDc1uC6vT1pQtKiQ/+DSX5IPTkK:muRItQ1uCSwtK9G97 |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/en-us.16/stream.x64.en-us.man.dat | 862.35 KB |
MD5:
3d951e18670e67e7b18c62849e10826c
SHA1: a686e9144933108bb1293ce2ffebb76b5d8b2511 SHA256: f4b69d2c7ba3fc5529688b553d29a239fbf9868bc357c21218e6f2eb4bb51ade SSDeep: 24576:V0BoRItDc1uC6vT1pQtKiQ/+DSX5IPTkx:muRItQ1uCSwtK9G9E |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/x-none.16/stream.x64.x-none.man.dat | 3.52 MB |
MD5:
9c5ee57f96922e35731a45f15157e5b7
SHA1: 71b02592308cb4de56db6dca4b14416229233910 SHA256: b8dfb97f953ba5593805e6443b3efb64d80f5fe1fe09217b030b6af9aa9b0dd9 SSDeep: 98304:lYW58eJWGRbe7FsBaXYkU17k8afsqaDoNqy5ih4i1sxH:OWueDa7FlHYkfNaDeqyiai1sxH |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/x-none.16/stream.x64.x-none.man.dat | 3.52 MB |
MD5:
6c5e85ff602ad4102cfbcc89ee1626af
SHA1: a736b24c3ad4573e4f4c37b48b4082e3603043da SHA256: 86eaa40849bc798cbf01c6c06f1c5714f23c39016709361f1854dfcf9aced387 SSDeep: 98304:lYW58eJWGRbe7FsBaXYkU17k8afsqaDoNqy5ih4i1sxB:OWueDa7FlHYkfNaDeqyiai1sxB |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/en-us.16/stream.x86.en-us.man.dat | 1.03 MB |
MD5:
3efe8a012f761bb9352c2c73f4ada982
SHA1: 70807965e31ce4e7391a69c9546497f1cfc30321 SHA256: c1145dd68e512d3780ee49451797d52cba5f10da6195aab0fc7b7f4f654fd891 SSDeep: 24576:p5xIuQYn5QjM8ejLQ/b7zvgwhdEVZErDwDfYUG3IYgj:CuQGSgC/bAwHHDwjYUGY5j |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/x-none.16/stream.x86.x-none.man.dat | 4.38 MB |
MD5:
0f6642b30881233c35909f9b6492c7b1
SHA1: 9e360e133affb209714cb2bcaddf4c8f62c6aeef SHA256: b641c88708ee913fc1bd87702f2e237dbeae0c5e48fddade8b0f3934e2d8830d SSDeep: 98304:RAnckjZ5+sljU6GFGUUslG1yQ0oMvOaXeqqUNe7b+q1WYDnnq15:RvkjZ5+sljyAslIL0o/eeSeGa74 |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/en-us.16/stream.x86.en-us.man.dat | 1.03 MB |
MD5:
0ff93bc37c95c49c049ce5e1ffb33309
SHA1: 6032157cd744335e169764d7ab3373086870970f SHA256: 9bda23ac8565593ec4b1d7ca67eaab27c7b709e663b4712e9dec37e47c1ccc36 SSDeep: 24576:8eaZKzGHVsyOLlpchx8wggVav+8xlQffCmupLG57rmNXyHX:85FV5OI8wgYav+5VuR0GNiHX |
|
|
| C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/x-none.16/stream.x86.x-none.man.dat | 4.38 MB |
MD5:
9923593d7ee29a126c6dbeb1f8e482d4
SHA1: f09fd4573af37df67dcb2bb994d89d00ad604220 SHA256: 4e4ef60be0805a23874cfbd23d5b8be9131ea5dd225eef077c293de923946310 SSDeep: 98304:O6gHyMT9wq1AJi8NYGj0qscMaiN6Y+592dQLAKho0hyJ:ONlbmM89guilmAKho0h6 |
|
|
Host Behavior
File (5907)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | A:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | B:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | D:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | E:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | F:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | G:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | H:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | I:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | J:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | K:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | L:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | M:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | N:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | O:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | P:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | Q:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | R:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | S:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | T:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | U:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | V:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | W:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | X:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | Y:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | Z:\ | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | C:\ProgramData\session.json | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | |
| Create | C:\ProgramData\session.json | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Go | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | |
| Create | list.txt | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | |
| Create | C:\ | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Documents and Settings | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | |
| Create | C:\/hiberfil.sys | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | C:\/pagefile.sys | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | C:\/swapfile.sys | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | C:\/$GetCurrent\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs/PartnerSetupCompleteResult.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs/PartnerSetupCompleteResult.log | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs/downlevel_2017_09_07_02_02_39_766.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs/downlevel_2017_09_07_02_02_39_766.log | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs/oobe_2017_09_07_03_08_57_737.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/Logs/oobe_2017_09_07_03_08_57_737.log | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/SafeOS\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/SafeOS\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/SafeOS\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/$GetCurrent/SafeOS | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/DHtmlHeader.html | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/DHtmlHeader.html | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1025\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1025\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1025\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1025 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1025/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1025/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1028\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1028\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1028\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1028 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1028/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1028/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1029\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1029\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1029\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1029 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1029/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1029/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1030\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1030\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1030\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1030 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1030/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1030/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1031\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1031\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1031\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1031 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1031/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1031/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1032\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1032\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1032\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1032 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1032/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1032/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1033\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1033\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1033\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1033 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1033/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1033/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1035\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1035\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1035\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1035 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1035/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1035/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1036\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1036\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1036\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1036 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1036/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1036/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1037\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1037\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1037\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1037 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1037/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1037/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1038\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1038\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1038\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1038 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1038/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1038/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1040\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1040\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1040\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1040 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1040/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1040/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1041\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1041\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1041\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1041 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1041/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1041/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1042\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1042\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1042\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1042 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1042/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1042/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1043\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1043\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1043\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1043 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1043/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1043/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1044\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1044\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1044\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1044 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1044/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1044/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1045\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1045\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1045\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1045 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1045/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1045/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1046\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1046\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1046\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1046 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1046/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1046/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1049\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1049\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1049\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1049 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1049/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1049/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1053\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1053\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1053\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1053 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1053/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1053/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1055\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1055\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1055\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1055 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1055/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/1055/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2052\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2052\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2052\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2052 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2052/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2052/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2070\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2070\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2070\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2070 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2070/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/2070/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3076\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3076\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3076\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3076 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3076/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3076/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3082\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3082\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3082\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3082 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3082/eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/3082/eula.rtf | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Client\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Client\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Client\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Client | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Extended\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Extended\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Extended\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Extended | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Graphics\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Graphics\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Graphics\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/588bce7c90097ed212/Graphics | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/BOOTSTAT.DAT | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Fonts\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Fonts\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Fonts\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Fonts | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Resources\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Resources\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Resources\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Resources | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Resources/en-US\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Resources/en-US\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Resources/en-US\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/Resources/en-US | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/bg-BG\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/bg-BG\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/bg-BG\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/bg-BG | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/cs-CZ\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/cs-CZ\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/cs-CZ\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/cs-CZ | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/da-DK\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/da-DK\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/da-DK\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/da-DK | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/de-DE\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/de-DE\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/de-DE\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/de-DE | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/el-GR\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/el-GR\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/el-GR\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/el-GR | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/en-GB\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/en-GB\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/en-GB\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/en-GB | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/en-US\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/en-US\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/en-US\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/en-US | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/es-ES\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/es-ES\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/es-ES\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/es-ES | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/es-MX\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/es-MX\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/es-MX\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/es-MX | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/et-EE\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/et-EE\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/et-EE\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/et-EE | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fi-FI\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fi-FI\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fi-FI\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fi-FI | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fr-CA\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fr-CA\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fr-CA\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fr-CA | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fr-FR\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fr-FR\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fr-FR\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/fr-FR | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/hr-HR\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/hr-HR\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/hr-HR\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/hr-HR | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/hu-HU\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/hu-HU\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/hu-HU\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/hu-HU | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/it-IT\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/it-IT\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/it-IT\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/it-IT | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ja-JP\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ja-JP\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ja-JP\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ja-JP | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ko-KR\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ko-KR\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ko-KR\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ko-KR | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/lt-LT\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/lt-LT\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/lt-LT\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/lt-LT | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/lv-LV\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/lv-LV\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/lv-LV\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/lv-LV | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/nb-NO\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/nb-NO\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/nb-NO\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/nb-NO | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/nl-NL\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/nl-NL\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/nl-NL\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/nl-NL | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pl-PL\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pl-PL\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pl-PL\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pl-PL | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pt-BR\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pt-BR\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pt-BR\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pt-BR | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pt-PT\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pt-PT\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pt-PT\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/pt-PT | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/qps-ploc\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/qps-ploc\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/qps-ploc\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/qps-ploc | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ro-RO\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ro-RO\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ro-RO\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ro-RO | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ru-RU\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ru-RU\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ru-RU\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/ru-RU | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sk-SK\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sk-SK\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sk-SK\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sk-SK | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sl-SI\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sl-SI\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sl-SI\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sl-SI | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sr-Latn-CS\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sr-Latn-CS\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sr-Latn-CS\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sr-Latn-CS | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sr-Latn-RS\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sr-Latn-RS\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sr-Latn-RS\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sr-Latn-RS | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sv-SE\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sv-SE\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sv-SE\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/sv-SE | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/tr-TR\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/tr-TR\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/tr-TR\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/tr-TR | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/uk-UA\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/uk-UA\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/uk-UA\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/uk-UA | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-CN\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-CN\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-CN\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-CN | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-HK\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-HK\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-HK\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-HK | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-TW\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-TW\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-TW\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Boot/zh-TW | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Documents and Settings\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Documents and Settings\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Documents and Settings\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Documents and Settings | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | |
| Create | C:\/Documents and Settings | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ESD\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ESD\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ESD\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ESD | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Logs\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Logs\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Logs\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/Logs | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/PerfLogs\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/PerfLogs\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/PerfLogs\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/PerfLogs | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Application Data | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | C:\/ProgramData/Desktop | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | C:\/ProgramData/Documents | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
2 | |
| Create | C:\/ProgramData/Start Menu | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | |
| Create | C:\/ProgramData/Templates | file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | |
| Create | C:\/ProgramData/Adobe\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/Reader_15.007.20033\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/Reader_15.007.20033\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/Reader_15.007.20033\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/Reader_15.007.20033 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/Reader_15.023.20070\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/Reader_15.023.20070\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/Reader_15.023.20070\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/Reader_15.023.20070 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/S\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/S\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/S\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Adobe/ARM/S | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Application Data\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Application Data\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Application Data\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Application Data | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Comms\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Comms\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Comms\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Comms | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Desktop\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Desktop\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Desktop\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Desktop | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Documents\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Documents\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Documents\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Documents | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/AppV\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/AppV\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/AppV\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/AppV | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/AppV/Setup\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/AppV/Setup\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/AppV/Setup\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/AppV/Setup | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/en-us.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/en-us.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/en-us.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/en-us.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/en-us.16/stream.x64.en-us.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/en-us.16/stream.x64.en-us.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/x-none.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/x-none.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/x-none.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/x-none.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/x-none.16/stream.x64.x-none.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4/x-none.16/stream.x64.x-none.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/en-us.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/en-us.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/en-us.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/en-us.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/en-us.16/stream.x64.en-us.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/en-us.16/stream.x64.en-us.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/x-none.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/x-none.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/x-none.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/x-none.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/x-none.16/stream.x64.x-none.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/19B11135-37BD-4FA1-A78E-C20CA2BDA1C0/x-none.16/stream.x64.x-none.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/en-us.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/en-us.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/en-us.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/en-us.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/en-us.16/stream.x64.en-us.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/en-us.16/stream.x64.en-us.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/x-none.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/x-none.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/x-none.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/x-none.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/x-none.16/stream.x64.x-none.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/201EB7DF-C721-4B8B-9C81-A09DE7F931E6/x-none.16/stream.x64.x-none.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages/{9AC08E99-230B-47E8-9721-4577B7F124EA}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages/{9AC08E99-230B-47E8-9721-4577B7F124EA}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages/{9AC08E99-230B-47E8-9721-4577B7F124EA}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages/{9AC08E99-230B-47E8-9721-4577B7F124EA} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages/{9AC08E99-230B-47E8-9721-4577B7F124EA}/{1A8308C7-90D1-4200-B16E-646F163A08E8}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages/{9AC08E99-230B-47E8-9721-4577B7F124EA}/{1A8308C7-90D1-4200-B16E-646F163A08E8}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages/{9AC08E99-230B-47E8-9721-4577B7F124EA}/{1A8308C7-90D1-4200-B16E-646F163A08E8}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Catalog/Packages/{9AC08E99-230B-47E8-9721-4577B7F124EA}/{1A8308C7-90D1-4200-B16E-646F163A08E8} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Integration\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Integration\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Integration\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Integration | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Integration/ShortcutBackups\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Integration/ShortcutBackups\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Integration/ShortcutBackups\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/MachineData/Integration/ShortcutBackups | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/en-us.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/en-us.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/en-us.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/en-us.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/en-us.16/stream.x86.en-us.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/en-us.16/stream.x86.en-us.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/x-none.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/x-none.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/x-none.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/x-none.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/x-none.16/stream.x86.x-none.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/5A65C4D7-3CDF-4BE4-8560-F036D300C13F/x-none.16/stream.x86.x-none.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/en-us.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/en-us.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/en-us.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/en-us.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/en-us.16/stream.x86.en-us.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/en-us.16/stream.x86.en-us.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/x-none.16\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/x-none.16\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/x-none.16\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/x-none.16 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/x-none.16/stream.x86.x-none.man.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/ProductReleases/A6A87302-92AE-41F2-AC52-73F5EE18259F/x-none.16/stream.x86.x-none.man.dat | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/UserData\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/UserData\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/UserData\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/UserData | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/{9AC08E99-230B-47e8-9721-4577B7F124EA}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/{9AC08E99-230B-47e8-9721-4577B7F124EA}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/{9AC08E99-230B-47e8-9721-4577B7F124EA}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/ClickToRun/{9AC08E99-230B-47e8-9721-4577B7F124EA} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/DSS\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/DSS\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/DSS\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/DSS | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/DSS/MachineKeys\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/DSS/MachineKeys\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/DSS/MachineKeys\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/DSS/MachineKeys | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/Keys\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/Keys\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/Keys\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/Keys | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/PCPKSP\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/PCPKSP\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/PCPKSP\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/PCPKSP | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/PCPKSP/WindowsAIK\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/PCPKSP/WindowsAIK\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/PCPKSP/WindowsAIK\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/PCPKSP/WindowsAIK | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA/MachineKeys\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA/MachineKeys\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA/MachineKeys\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA/MachineKeys | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA/S-1-5-18\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA/S-1-5-18\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA/S-1-5-18\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/RSA/S-1-5-18 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/SystemKeys\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/SystemKeys\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/SystemKeys\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Crypto/SystemKeys | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DRM\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DRM\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DRM\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DRM | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DRM/Server\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DRM/Server\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DRM/Server\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DRM/Server | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DataMart\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DataMart\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DataMart\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DataMart | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DataMart/PaidWiFi\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DataMart/PaidWiFi\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DataMart/PaidWiFi\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DataMart/PaidWiFi | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device/{113527a4-45d4-4b6f-b567-97838f1b04b0}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device/{113527a4-45d4-4b6f-b567-97838f1b04b0}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device/{113527a4-45d4-4b6f-b567-97838f1b04b0}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device/{113527a4-45d4-4b6f-b567-97838f1b04b0} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device/{8702d817-5aad-4674-9ef3-4d3decd87120}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device/{8702d817-5aad-4674-9ef3-4d3decd87120}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device/{8702d817-5aad-4674-9ef3-4d3decd87120}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Device/{8702d817-5aad-4674-9ef3-4d3decd87120} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{07deb856-fc6e-4fb9-8add-d8f2cf8722c9} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}/en-US\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}/en-US\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}/en-US\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}/en-US | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{e35be42d-f742-4d96-a50a-1775fb1a7a42}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{e35be42d-f742-4d96-a50a-1775fb1a7a42}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{e35be42d-f742-4d96-a50a-1775fb1a7a42}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{e35be42d-f742-4d96-a50a-1775fb1a7a42} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{e35be42d-f742-4d96-a50a-1775fb1a7a42}/en-US\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{e35be42d-f742-4d96-a50a-1775fb1a7a42}/en-US\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{e35be42d-f742-4d96-a50a-1775fb1a7a42}/en-US\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Device Stage/Task/{e35be42d-f742-4d96-a50a-1775fb1a7a42}/en-US | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DeviceSync\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DeviceSync\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DeviceSync\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/DeviceSync | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/AsimovUploader\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/AsimovUploader\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/AsimovUploader\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/AsimovUploader | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/DownloadedScenarios\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/DownloadedScenarios\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/DownloadedScenarios\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/DownloadedScenarios | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/DownloadedSettings\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/DownloadedSettings\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/DownloadedSettings\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/DownloadedSettings | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/AutoLogger\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/AutoLogger\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/AutoLogger\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/AutoLogger | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/ScenarioShutdownLogger\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/ScenarioShutdownLogger\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/ScenarioShutdownLogger\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/ScenarioShutdownLogger | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/ShutdownLogger\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/ShutdownLogger\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/ShutdownLogger\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/ETLLogs/ShutdownLogger | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/LocalTraceStore\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/LocalTraceStore\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/LocalTraceStore\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/LocalTraceStore | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/Sideload\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/Sideload\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/Sideload\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/Sideload | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/Siufloc\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/Siufloc\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/Siufloc\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/Siufloc | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/SoftLanding\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/SoftLanding\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/SoftLanding\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/SoftLanding | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/SoftLandingStage\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/SoftLandingStage\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/SoftLandingStage\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/SoftLandingStage | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/TenantStorage\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/TenantStorage\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/TenantStorage\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/TenantStorage | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/TenantStorage/P-ARIA\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/TenantStorage/P-ARIA\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/TenantStorage/P-ARIA\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Diagnosis/TenantStorage/P-ARIA | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer/Views\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer/Views\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer/Views\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer/Views | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer/Views/ApplicationViewsRootNode\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer/Views/ApplicationViewsRootNode\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer/Views/ApplicationViewsRootNode\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Event Viewer/Views/ApplicationViewsRootNode | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/INT\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/INT\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/INT\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/INT | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/production\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/production\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/production\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/production | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/production/temp\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/production/temp\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/production/temp\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/IdentityCRL/production/temp | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/MF\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/MF\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/MF\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/MF | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/MapData\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/MapData\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/MapData\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/MapData | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/NetFramework\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/NetFramework\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/NetFramework\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/NetFramework | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/NetFramework/BreadcrumbStore\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/NetFramework/BreadcrumbStore\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/NetFramework/BreadcrumbStore\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/NetFramework/BreadcrumbStore | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections/CM_old\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections/CM_old\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections/CM_old\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections/CM_old | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections/Cm\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections/Cm\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections/Cm\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Connections/Cm | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Downloader\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Downloader\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Downloader\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Downloader | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Downloader/edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Downloader/edbtmp.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Downloader/edbtmp.log | desired_access = FILE_APPEND_DATA, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Network/Downloader/qmgr.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Office\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Office\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Office\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Office | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{1e05dd5d-a022-46c5-963c-b20de341170f}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{23cb517f-5073-4e96-a202-7fe6122a2271}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{33d78dbc-3db7-4398-8533-000d7c02e5d1}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{7a30a9be-737f-47a1-a541-6e7b0761ed19}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8d196d7f-3eef-48ad-8bea-be749f12d3ad}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{8fb7d64e-70fc-4f9d-89ee-d486817534df}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{99b095d8-5959-4820-bea7-7448c8427b4e}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9aec5bda-1e87-46b3-bb96-1a01c606555e}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c5dc3753-b6c8-4057-b396-bf13d769311c}/Prov/RunTime | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}/Prov\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}/Prov\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}/Prov\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}/Prov | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}/Prov/RunTime\# instructions-HKJIL #.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}/Prov/RunTime\# instructions-HKJIL #.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\/ProgramData/Microsoft/Provisioning/{c8a326e4-f518-4f14-b543-97a57e1a975e}/Prov/RunTime\# instructions-HKJIL #.vbs | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/FE83WYZ0.txt.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/FE83WYZ0.txt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/K7RPYYP8.txt.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/K7RPYYP8.txt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/LA7BUP1E.txt.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/LA7BUP1E.txt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/NBLJVIM8.txt.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/NBLJVIM8.txt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/ODUED5IU.txt.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/ODUED5IU.txt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/S7Q1EH8Y.txt.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/S7Q1EH8Y.txt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/UZ3Q0402.txt.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/UZ3Q0402.txt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/container.dat.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/container.dat, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!002/MicrosoftEdge/Cookies/AFIOGFFU.txt.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!002/MicrosoftEdge/Cookies/AFIOGFFU.txt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!002/MicrosoftEdge/Cookies/container.dat.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!002/MicrosoftEdge/Cookies/container.dat, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/MicrosoftEdge/Cookies/container.dat.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/MicrosoftEdge/Cookies/container.dat, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.Windows.Cortana_cw5n1h2txyewy/AC/AppCache/IE77EECT/4/C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txt.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.Windows.Cortana_cw5n1h2txyewy/AC/AppCache/IE77EECT/4/C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\/Users/FD1HVy/AppData/Roaming/Skype/RootTools/roottools.conf.HKJIL | source_filename = C:\/Users/FD1HVy/AppData/Roaming/Skype/RootTools/roottools.conf, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/FE83WYZ0.txt | size = 8388608, size_out = 94 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/FE83WYZ0.txt | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/K7RPYYP8.txt | size = 8388608, size_out = 554 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/K7RPYYP8.txt | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/LA7BUP1E.txt | size = 8388608, size_out = 275 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/LA7BUP1E.txt | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/NBLJVIM8.txt | size = 8388608, size_out = 228 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/NBLJVIM8.txt | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/ODUED5IU.txt | size = 8388608, size_out = 382 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/ODUED5IU.txt | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/S7Q1EH8Y.txt | size = 8388608, size_out = 101 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/S7Q1EH8Y.txt | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/UZ3Q0402.txt | size = 8388608, size_out = 102 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/UZ3Q0402.txt | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!001/MicrosoftEdge/Cookies/container.dat | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!002/MicrosoftEdge/Cookies/AFIOGFFU.txt | size = 8388608, size_out = 101 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!002/MicrosoftEdge/Cookies/AFIOGFFU.txt | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/#!002/MicrosoftEdge/Cookies/container.dat | size = 8388608, size_out = 0 |
|
1 | |
| Read | C:\/Users/FD1HVy/AppData/Local/Packages/Microsoft.MicrosoftEdge_8wekyb3d8bbwe/AC/MicrosoftEdge/Cookies/container.dat | size = 8388608, size_out = 0 |
|
1 | |
|
For performance reasons, the remaining 3890 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (4)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | value_name = MachineGuid, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = Windows 10 Pro, type = REG_SZ |
|
1 |
Process (11)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0x5cc, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0x738, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0xdf0, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0xd68, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0xeec, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0x13d4, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0x13dc, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0xf78, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0x105c, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0xfb4, creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0x658, show_window = SW_HIDE |
|
1 |
Module (108)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | KERNEL32.DLL | base_address = 0x75e90000 |
|
1 | |
| Load | winmm.dll | base_address = 0x74380000 |
|
1 | |
| Load | ws2_32.dll | base_address = 0x746a0000 |
|
3 | |
| Load | kernel32.dll | base_address = 0x75e90000 |
|
5 | |
| Load | advapi32.dll | base_address = 0x761b0000 |
|
2 | |
| Load | ntdll.dll | base_address = 0x77bb0000 |
|
1 | |
| Load | crypt32.dll | base_address = 0x74940000 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\flash_player.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Flash_Player.exe, size = 1024 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x75eff180 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteConsoleW, address_out = 0x75eff500 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address_out = 0x75efeca0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x75ea69d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x75ea6970 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SwitchToThread, address_out = 0x75ea6790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetWaitableTimer, address_out = 0x75efec60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x75ea6720 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetProcessPriorityBoost, address_out = 0x75ea83d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEvent, address_out = 0x75efec50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetErrorMode, address_out = 0x75ea6500 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleCtrlHandler, address_out = 0x75eff4d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x75ea5a80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryW, address_out = 0x75ea5ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemInfo, address_out = 0x75ea54d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStdHandle, address_out = 0x75ea5330 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetQueuedCompletionStatus, address_out = 0x75ea52e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessAffinityMask, address_out = 0x75ee3230 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x75ea51b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x75ea4eb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetConsoleMode, address_out = 0x75eff450 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x75ea4c20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x75ea3cb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DuplicateHandle, address_out = 0x75efeac0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x75ea46b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateIoCompletionPort, address_out = 0x75ea4530 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventA, address_out = 0x75efeb00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x75efeab0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = AddVectoredExceptionHandler, address_out = 0x77bd5d20 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = timeEndPeriod, address_out = 0x7438d030 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = timeBeginPeriod, address_out = 0x74384350 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSAGetOverlappedResult, address_out = 0x746b39f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = AddDllDirectory, address_out = 0x7500bbb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = AddVectoredContinueHandler, address_out = 0x77c628c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetQueuedCompletionStatusEx, address_out = 0x75ea5300 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryExW, address_out = 0x75ea5ac0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = SystemFunction036, address_out = 0x746729e0 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtWaitForSingleObject, address_out = 0x77c21d30 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = wine_get_version, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetHandleInformation, address_out = 0x75efeae0 |
|
2 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSAStartup, address_out = 0x746a5b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CancelIoEx, address_out = 0x75ea42b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileCompletionNotificationModes, address_out = 0x75ee50d0 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSAEnumProtocolsW, address_out = 0x746bb2f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x75ea4cc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersion, address_out = 0x75ea56c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentVariableW, address_out = 0x75ea4fb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceExW, address_out = 0x75efeea0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesExW, address_out = 0x75efef00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x75efed10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeW, address_out = 0x75efeed0 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = GetAddrInfoW, address_out = 0x746a7d70 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = FreeAddrInfoW, address_out = 0x746a4fa0 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSASocketW, address_out = 0x746b1700 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = setsockopt, address_out = 0x746afd70 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = bind, address_out = 0x746b1cc0 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = socket, address_out = 0x746b4510 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSAIoctl, address_out = 0x746ae800 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = getsockname, address_out = 0x746b3750 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = getpeername, address_out = 0x746b43d0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextW, address_out = 0x761cfa40 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenRandom, address_out = 0x761d0730 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSASend, address_out = 0x746b00b0 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSARecv, address_out = 0x746b03f0 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertCreateCertificateContext, address_out = 0x74967d30 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertOpenStore, address_out = 0x749857a0 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertAddCertificateContextToStore, address_out = 0x74970d70 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertFreeCertificateContext, address_out = 0x7497da30 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertCloseStore, address_out = 0x7497dc00 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertGetCertificateChain, address_out = 0x74974cb0 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertVerifyCertificateChainPolicy, address_out = 0x74989b10 |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CertFreeCertificateChain, address_out = 0x7495f6c0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x761ce580 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExW, address_out = 0x761ce5a0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x75ea4610 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x75efedf0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x75efee40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x75efed70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileInformationByHandle, address_out = 0x75efef20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x75efef10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x75eff100 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x75eff090 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileType, address_out = 0x75efef60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x75eff130 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileExW, address_out = 0x75ea4370 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = closesocket, address_out = 0x746b0910 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x75ea5090 |
|
1 |
System (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Certificate Store | encoding_type = 0, flags = 4 |
|
1 | |
| Open Certificate Store | encoding_type = 0, flags = 4 |
|
1 | |
| Open Certificate Store | encoding_type = 0, flags = 4 |
|
1 | |
| Add Certificate | disposition = 4 |
|
4 | |
| Add Certificate | disposition = 4 |
|
3 | |
| Add Certificate | disposition = 4 |
|
4 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (11313)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 | |
| Get Environment String | name = DEBUG_HTTP2_GOROUTINES |
|
1 | |
| Get Environment String | name = GODEBUG |
|
2 | |
| Get Environment String | name = XDG_CURRENT_DESKTOP |
|
1 | |
| Get Environment String | name = DESKTOP_SESSION |
|
1 | |
| Get Environment String | name = HTTPS_PROXY |
|
1 | |
| Get Environment String | name = https_proxy |
|
1 | |
| Get Environment String | name = HTTP_PROXY |
|
1 | |
| Get Environment String | name = http_proxy |
|
1 | |
| Get Environment String | name = ALLUSERSPROFILE, result_out = C:\ProgramData |
|
1 | |
| Get Environment String | name = USERNAME, result_out = FD1HVy |
|
1 | |
| Get Environment String | name = windir, result_out = C:\WINDOWS |
|
11301 |
Network Behavior
DNS (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = iplogger.org, address_out = 88.99.66.31 |
|
2 | |
| Resolve Name | host = www.kremlin.ru, address_out = 95.173.136.71, 95.173.136.72, 95.173.136.70 |
|
1 | |
| Resolve Name | host = ipapi.co, address_out = 104.25.210.99, 104.25.209.99 |
|
1 | |
| Resolve Name | host = google.com, address_out = 216.58.206.14 |
|
1 | |
| Resolve Name | host = www.google.com, address_out = 216.58.206.4 |
|
1 |
HTTP Sessions (3)
| Information | Value |
|---|---|
| Total Data Sent | 705 bytes |
| Total Data Received | 27.36 KB |
| Contacted Host Count | 3 |
| Contacted Hosts | 95.173.136.71, 216.58.206.14, 216.58.206.4 |
HTTP Session #1
| Information | Value |
|---|---|
| User Agent | Google Chrome Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36. |
| Server Name | www.kremlin.ru |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 239 bytes |
| Data Received | 10.63 KB |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Google Chrome Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36. |
|
1 | |
| Open Connection | protocol = http, server_name = www.kremlin.ru, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = / |
|
1 | |
| Send HTTP Request | headers = Host: www.kremlin.ru, User-Agent: Google Chrome Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36., Referer: Encryption Start - 24, Accept-Encoding: gzip, url = www.kremlin.ru/ |
|
1 | |
| Close Session | - |
|
1 |
HTTP Session #2
| Information | Value |
|---|---|
| User Agent | Google Chrome Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36. |
| Server Name | google.com |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 231 bytes |
| Data Received | 708 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Google Chrome Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36. |
|
1 | |
| Open Connection | protocol = http, server_name = google.com, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = / |
|
1 | |
| Send HTTP Request | headers = Host: google.com, User-Agent: Google Chrome Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36., Referer: Encryption Finish, Accept-Encoding: gzip, url = google.com/ |
|
1 |
HTTP Session #3
| Information | Value |
|---|---|
| User Agent | Google Chrome Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36. |
| Server Name | www.google.com |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 235 bytes |
| Data Received | 16.04 KB |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Google Chrome Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36. |
|
1 | |
| Open Connection | protocol = http, server_name = www.google.com, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = / |
|
1 | |
| Send HTTP Request | headers = Host: www.google.com, User-Agent: Google Chrome Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36., Referer: http://google.com, Accept-Encoding: gzip, url = www.google.com/ |
|
1 |
Process #2: cmd.exe
63
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:43, Reason: Child Process |
| Unmonitor | End Time: 00:01:02, Reason: Self Terminated |
| Monitor Duration | 00:00:18 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5cc |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5F8
0x
4BC
|
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\vssadmin.exe | os_pid = 0xe5c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #3: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C taskkill.exe /f /im sql* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:44, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x738 |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A34
0x
658
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0x408, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000080 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C taskkill.exe /f /im backup* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:44, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdf0 |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
394
0x
490
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 96, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0xe38, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000080 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #7: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C taskkill.exe /f /im anti* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:44, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd68 |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7A8
0x
798
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0xd6c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000080 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #8: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C taskkill.exe /f /im malware* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:44, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xeec |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2E8
0x
714
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 168, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0x48c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000080 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #12: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe /f /im anti* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:50, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd6c |
| Parent PID | 0xd68 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FD8
0x
324
0x
D9C
0x
100C
0x
1028
0x
102C
|
Process #13: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe /f /im backup* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:50, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe38 |
| Parent PID | 0xdf0 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FC4
0x
754
0x
1004
0x
1018
0x
101C
|
Process #14: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe /f /im malware* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:50, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x48c |
| Parent PID | 0xeec (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E88
0x
FC0
0x
1008
0x
1020
0x
1024
|
Process #15: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe /f /im sql* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:50, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:13 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x408 |
| Parent PID | 0x738 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D78
0x
824
0x
F64
0x
1010
0x
1014
|
Process #16: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\syswow64\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:01, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe5c |
| Parent PID | 0x5cc (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FB4
0x
1038
0x
1048
0x
1050
0x
105C
0x
1060
|
Process #22: cmd.exe
63
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:44, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x13d4 |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
13D8
0x
102C
|
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 72, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\vssadmin.exe | os_pid = 0x1008, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #23: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C taskkill.exe /f /im sql* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:44, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x13dc |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
13E0
0x
1024
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 197, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0xd9c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000080 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #26: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C taskkill.exe /f /im backup* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:44, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf78 |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1060
0x
101C
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 120, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0x754, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000080 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #27: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C taskkill.exe /f /im anti* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:44, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x105c |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1048
0x
1014
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0x824, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000080 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #29: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #29 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C taskkill.exe /f /im malware* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:44, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfb4 |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E5C
0x
1010
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 112, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0x324, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000080 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #32: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe /f /im sql* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:45, Reason: Child Process |
| Unmonitor | End Time: 00:03:48, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd9c |
| Parent PID | 0x13dc (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FD8
0x
100C
0x
FC0
0x
1018
0x
F64
|
Process #33: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #33 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe /f /im malware* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:46, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x324 |
| Parent PID | 0xfb4 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E88
0x
1004
0x
714
0x
344
0x
490
|
Process #34: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\syswow64\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:46, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1008 |
| Parent PID | 0x13d4 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1020
0x
FC4
0x
6C0
0x
F5C
0x
4B0
|
Process #35: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe /f /im backup* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:46, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x754 |
| Parent PID | 0xf78 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D78
0x
408
0x
D08
0x
9B4
0x
7B8
|
Process #37: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #37 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe /f /im anti* |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:46, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x824 |
| Parent PID | 0x105c (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D6C
0x
F40
0x
CF4
0x
784
0x
D44
|
Process #38: cmd.exe
73
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\WINDOWS\system32\cmd.exe /C ping 127.0.0.1 -n 3 > NUL && del /Q /F "C:\Users\FD1HVy\Desktop\Flash_Player.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:47, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x658 |
| Parent PID | 0x8f4 (c:\users\fd1hvy\desktop\flash_player.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DC4
0x
37C
|
Host Behavior
File (26)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | NUL | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
3 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\FD1HVy\Desktop\Flash_Player.exe | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
12 | |
| Open | STD_INPUT_HANDLE | - |
|
6 | |
| Open | \??\C:\Users\FD1HVy\Desktop\Flash_Player.exe | desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\PING.EXE | os_pid = 0xb08, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xfd0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #40: ping.exe
73
1
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\syswow64\ping.exe |
| Command Line | ping 127.0.0.1 -n 3 |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb08 |
| Parent PID | 0x658 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
106C
0x
DB8
0x
DC8
0x
DDC
|
Host Behavior
File (50)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
17 | |
| Open | STD_OUTPUT_HANDLE | - |
|
17 | |
| Write | STD_OUTPUT_HANDLE | size = 20 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 22 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 9 |
|
9 | |
| Write | STD_OUTPUT_HANDLE | size = 92 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 97 |
|
1 |
Registry (2)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters | value_name = DefaultTTL, data = 0, type = REG_NONE |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\ping.exe | base_address = 0xea0000 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
2 |
Environment (17)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = OutputEncoding |
|
17 |
Network Behavior
ICMP (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Send ICMP Echo | source_address = 0.0.0.0, destination_address = 127.0.0.1, timeout = 4000 |
|
3 |
DNS (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Address | address = 127.0.0.1, host_out = 127.0.0.1 |
|
2 | |
| Resolve Name | host = 127.0.0.1, address_out = 127.0.0.1 |
|
1 |
