raEMQ.exe
Windows Exe (x86-64)
Created at 2019-04-17T10:20:00
Remarks (2/2)
(0x200000e): The overall sleep time of all monitored processes was truncated from "38 minutes, 45 seconds" to "10 minutes, 20 seconds" to reveal dormant functionality.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: raemq.exe
82902
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\raemq.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\raEMQ.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:34, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf78 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
49C
0x
D08
0x
D40
0x
BEC
0x
D80
0x
E90
0x
D18
0x
DB4
0x
9E4
0x
86C
0x
D48
0x
D98
0x
E38
0x
1074
0x
10E0
0x
1104
0x
1108
0x
110C
0x
1110
0x
1114
0x
1118
0x
111C
0x
1120
0x
1124
0x
112C
0x
1130
0x
1134
0x
1138
0x
113C
0x
1140
0x
1144
0x
1148
0x
114C
0x
1150
0x
1154
0x
1158
0x
1160
0x
1164
0x
1168
0x
116C
0x
1170
0x
1174
0x
1178
0x
117C
0x
1180
0x
1184
0x
1188
0x
118C
0x
1190
0x
1194
0x
1198
0x
119C
0x
11A0
0x
11A4
0x
11A8
0x
11AC
0x
11B0
0x
11B4
0x
11B8
0x
11BC
0x
11C0
0x
11C4
0x
11C8
0x
120C
0x
1210
0x
1214
0x
1218
0x
121C
0x
1220
0x
1224
0x
1228
0x
122C
0x
1230
0x
1234
0x
1238
0x
124C
0x
1250
0x
1254
0x
1258
0x
125C
0x
1260
0x
1264
0x
1268
0x
126C
0x
1270
0x
1274
0x
1278
0x
127C
0x
1280
0x
1284
0x
1288
0x
128C
0x
1290
0x
1294
0x
1298
0x
129C
0x
12A0
0x
12A4
0x
12A8
0x
12AC
0x
12B0
0x
12B4
0x
12B8
0x
12BC
0x
12C0
0x
12C4
0x
12C8
0x
12CC
0x
12D0
0x
12D4
0x
12D8
0x
12DC
0x
12E0
0x
12E4
0x
12E8
0x
12EC
0x
12F0
0x
12F4
0x
12F8
0x
12FC
0x
1300
0x
1304
0x
1308
0x
130C
0x
1310
0x
1314
0x
1318
0x
131C
0x
1320
0x
1324
0x
1328
0x
132C
0x
1330
0x
1334
0x
1338
0x
133C
0x
1348
0x
134C
0x
1350
0x
1354
0x
1358
0x
135C
0x
1360
0x
1364
0x
1368
0x
136C
0x
1370
0x
1374
0x
1378
0x
137C
0x
1380
0x
1384
0x
1388
0x
138C
0x
1390
0x
1394
0x
1398
0x
139C
0x
13A0
0x
13A4
0x
13A8
0x
13AC
0x
13B0
0x
13B4
0x
13B8
0x
13BC
0x
13C0
0x
13C4
0x
13C8
0x
13CC
0x
13D0
0x
13D4
0x
13D8
0x
13DC
0x
13E0
0x
13EC
0x
13F0
0x
13F4
0x
13F8
0x
13FC
0x
F10
0x
F8C
0x
B0C
0x
CC4
0x
F1C
0x
6D8
0x
468
0x
BB4
0x
524
0x
CC0
0x
46C
0x
B98
0x
B04
0x
564
0x
6A8
0x
6C0
0x
6B4
0x
910
0x
570
0x
5B4
0x
560
0x
56C
0x
568
0x
4FC
0x
1008
0x
1014
0x
1004
0x
FB0
0x
F7C
0x
EA8
0x
4A8
0x
FE8
0x
FE4
0x
A80
0x
D98
0x
D48
0x
E80
0x
FA8
0x
CBC
0x
AEC
0x
F14
0x
FD8
0x
D58
0x
A28
0x
BE8
0x
FD4
0x
D20
0x
4E0
0x
1028
0x
1030
0x
102C
0x
CF8
0x
FDC
0x
BEC
0x
EC0
0x
384
0x
FD0
0x
E98
0x
CE0
0x
E30
0x
9E0
0x
DAC
0x
10A0
0x
10A4
0x
109C
0x
107C
0x
108C
0x
1094
0x
1088
0x
1080
0x
840
0x
F4
0x
9B0
0x
B08
0x
7EC
0x
105C
0x
1058
0x
103C
0x
ED0
0x
F5C
0x
1034
0x
1038
0x
1054
0x
F70
0x
724
0x
728
0x
73C
0x
70C
0x
708
0x
810
0x
4CC
0x
8A8
0x
8D8
0x
8A4
0x
AF4
0x
750
0x
AF8
0x
710
0x
700
0x
E60
0x
AFC
0x
C3C
0x
470
0x
3CC
0x
EC8
0x
CF4
0x
F60
0x
4C8
0x
A98
0x
7F0
0x
4C4
0x
86C
0x
10DC
0x
C64
0x
4A4
0x
EB8
0x
3D8
0x
EF0
0x
7B4
0x
4A0
0x
A78
0x
FF4
0x
6C8
0x
11D8
0x
11CC
0x
10E8
0x
11E8
0x
11F8
0x
10F8
0x
1128
0x
11F0
0x
11D4
0x
10F4
0x
11F4
0x
11E4
0x
11DC
0x
1100
0x
10FC
0x
10E4
0x
10EC
0x
10C0
0x
C30
0x
DC8
0x
D78
0x
DDC
0x
A60
0x
AC4
0x
260
0x
1050
0x
1020
0x
D30
0x
FE0
0x
AA4
0x
FCC
0x
D24
0x
C40
0x
1358
0x
CF0
0x
D44
0x
DF4
0x
D88
0x
E94
0x
F6C
0x
C58
0x
4B8
0x
1070
0x
F3C
0x
4FC
0x
F08
0x
10F0
0x
CC8
0x
864
0x
874
0x
908
0x
964
0x
9BC
0x
A10
0x
9D0
0x
A38
0x
A40
0x
4D0
0x
A44
0x
A4C
0x
97C
0x
A64
0x
A74
0x
AA0
0x
AAC
0x
AA8
0x
AB0
0x
AB8
0x
ABC
0x
974
0x
ACC
0x
AD0
0x
ADC
0x
AE0
0x
AE4
0x
BBC
0x
C0C
0x
C4C
0x
C2C
0x
994
0x
A68
0x
C44
0x
AD8
0x
AD4
0x
AC0
0x
C80
0x
C98
0x
878
0x
914
0x
C60
0x
DA0
0x
D50
0x
958
0x
A94
0x
8F8
0x
1068
0x
10A8
0x
10D0
0x
10D8
0x
10B8
0x
870
0x
1404
0x
1408
0x
140C
0x
1410
0x
1414
0x
1418
0x
141C
0x
1420
0x
1424
0x
1428
0x
142C
0x
1430
0x
1434
0x
1438
0x
143C
0x
1440
0x
1444
0x
1448
0x
144C
0x
1450
0x
1454
0x
1458
0x
145C
0x
1460
0x
1464
0x
1468
0x
146C
0x
1470
0x
1474
0x
1478
0x
147C
0x
1480
0x
1484
0x
14A0
0x
14A4
0x
14A8
0x
14AC
0x
14B0
0x
14B4
0x
14B8
0x
14BC
0x
14C0
0x
14C4
0x
14C8
0x
14CC
0x
14D0
0x
14D4
0x
14D8
0x
14DC
0x
14E0
0x
14E4
0x
14E8
0x
14EC
0x
14F0
0x
14F4
0x
14F8
0x
14FC
0x
1500
0x
1504
0x
1508
0x
150C
0x
1510
0x
1514
0x
1518
0x
151C
0x
1520
0x
1524
0x
1528
0x
152C
0x
1530
0x
1534
0x
1538
0x
153C
0x
1540
0x
1544
0x
1548
0x
154C
0x
1550
0x
1554
0x
1558
0x
1560
0x
1564
0x
1568
0x
156C
0x
1570
0x
1574
0x
1578
0x
157C
0x
1580
0x
1584
0x
1588
0x
158C
0x
1590
0x
1594
0x
1598
0x
159C
0x
15A0
0x
15A4
0x
15A8
0x
15AC
0x
15B0
0x
15B4
0x
15B8
0x
15BC
0x
15C0
0x
15C4
0x
15C8
0x
15CC
0x
15D0
0x
15D4
0x
15D8
0x
15DC
0x
15E0
0x
15E4
0x
15E8
0x
15EC
0x
15F0
0x
15F4
0x
15F8
0x
15FC
0x
1600
0x
1604
0x
1608
0x
160C
0x
1610
0x
1614
0x
1618
0x
161C
0x
1620
0x
1624
0x
1628
0x
162C
0x
1630
0x
1634
0x
1638
0x
163C
0x
1640
0x
1644
0x
1648
0x
164C
0x
1650
0x
1654
0x
1658
0x
165C
0x
1668
0x
166C
0x
1670
0x
1674
0x
1678
0x
167C
0x
1680
0x
1684
0x
1688
0x
168C
0x
1690
0x
1694
0x
1698
0x
169C
0x
16A0
0x
16A4
0x
16A8
0x
16AC
0x
16B0
0x
16B4
0x
16B8
0x
16BC
0x
16C0
0x
16C4
0x
16C8
0x
16CC
0x
16D0
0x
16D4
0x
16D8
0x
16DC
0x
16E0
0x
16E4
0x
16E8
0x
16EC
0x
16F0
0x
16F4
0x
16F8
0x
16FC
0x
1700
0x
1704
0x
1708
0x
170C
0x
1710
0x
1714
0x
1718
0x
171C
0x
1720
0x
1724
0x
1728
0x
172C
0x
1730
0x
1734
0x
1738
0x
173C
0x
1740
0x
1744
0x
1748
0x
174C
0x
1750
0x
1754
0x
1758
0x
175C
0x
1760
0x
1764
0x
1768
0x
176C
0x
1770
0x
1774
0x
1778
0x
177C
0x
1780
0x
1784
0x
1788
0x
178C
0x
1790
0x
1794
0x
1798
0x
179C
0x
17A0
0x
17A4
0x
17A8
0x
17AC
0x
17B0
0x
17B4
0x
17B8
0x
17BC
0x
17C0
0x
17C4
0x
17C8
0x
17CC
0x
17D0
0x
17D4
0x
17D8
0x
17DC
0x
17E0
0x
17E4
0x
17E8
0x
17EC
0x
17F0
0x
17F4
0x
17F8
0x
17FC
0x
F84
0x
10E0
0x
F0C
0x
13E8
0x
500
0x
1090
0x
100C
0x
B10
0x
6A4
0x
1248
0x
1204
0x
58
0x
A9C
0x
C5C
0x
AB4
0x
F58
0x
AE8
0x
1078
0x
10BC
0x
540
0x
6CC
0x
1664
0x
1660
0x
1804
0x
1808
0x
180C
0x
1810
0x
1814
0x
1818
0x
181C
0x
1820
0x
1824
0x
1828
0x
182C
0x
1830
0x
1834
0x
1838
0x
183C
0x
1840
0x
1844
0x
1848
0x
184C
0x
1850
0x
1854
0x
1858
0x
185C
0x
1860
0x
1864
0x
1868
0x
186C
0x
1870
0x
1874
0x
1878
0x
187C
0x
1880
0x
1884
0x
1888
0x
188C
0x
1890
0x
1894
0x
1898
0x
189C
0x
18A0
0x
18A4
0x
18A8
0x
18AC
0x
18B0
0x
18B4
0x
18B8
0x
18BC
0x
18C0
0x
18C4
0x
18C8
0x
18CC
0x
18D0
0x
18D4
0x
18D8
0x
18DC
0x
18E0
0x
18E4
0x
18E8
0x
18EC
0x
18F0
0x
18F4
0x
1908
0x
190C
0x
1910
0x
1914
0x
1918
0x
191C
0x
1920
0x
1924
0x
1928
0x
192C
0x
1930
0x
1934
0x
1940
0x
1944
0x
1948
0x
194C
0x
1950
0x
1954
0x
1958
0x
1960
0x
1964
0x
1968
0x
196C
0x
1970
0x
1974
0x
1978
0x
197C
0x
1980
0x
1984
0x
1988
0x
198C
0x
1990
0x
1994
0x
1998
0x
199C
0x
19A0
0x
19A4
0x
19A8
0x
19AC
0x
19B0
0x
19B4
0x
19B8
0x
19BC
0x
19C0
0x
19C4
0x
19C8
0x
19CC
0x
19D0
0x
19D4
0x
19D8
0x
19DC
0x
19E0
0x
19E4
0x
19E8
0x
19EC
0x
19F0
0x
19F4
0x
19F8
0x
19FC
0x
1A00
0x
1A04
0x
1A08
0x
1A0C
0x
1A10
0x
1A14
0x
1A18
0x
1A1C
0x
1A20
0x
1A24
0x
1A2C
0x
1A30
0x
1A34
0x
1A38
0x
1A3C
0x
1A40
0x
1A44
0x
1A48
0x
1A4C
0x
1A64
0x
1A68
0x
1A6C
0x
1A70
0x
1A74
0x
1A78
0x
1A7C
0x
1A80
0x
1A84
0x
1A88
0x
1A8C
0x
1A90
0x
1A94
0x
1A98
0x
1A9C
0x
1AA0
0x
1AA4
0x
1AA8
0x
1AAC
0x
1AB0
0x
1AB4
0x
1AB8
0x
1ABC
0x
1AC0
0x
1AC4
0x
1AC8
0x
1ACC
0x
1AD0
0x
1AD4
0x
1AD8
0x
1ADC
0x
1AE0
0x
1AE8
0x
1AEC
0x
1AF0
0x
1AF4
0x
1AF8
0x
1AFC
0x
1B00
0x
1B04
0x
1B08
0x
1B0C
0x
1B10
0x
1B18
0x
1B1C
0x
1B20
0x
1B24
0x
1B28
0x
1B2C
0x
1B30
0x
1B38
0x
1B3C
0x
1B40
0x
1B44
0x
1B48
0x
1B4C
0x
1B50
0x
1B54
0x
1B58
0x
1B5C
0x
1B60
0x
1B64
0x
1B68
0x
1B6C
0x
1B70
0x
1B74
0x
1B78
0x
1B7C
0x
1B80
0x
1B84
0x
1B88
0x
1B8C
0x
1B90
0x
1B94
0x
1B98
0x
1B9C
0x
1BA0
0x
1BA4
0x
1BA8
0x
1BAC
0x
1BB0
0x
1BB4
0x
1BB8
0x
1BBC
0x
1BC0
0x
1BC4
0x
1BC8
0x
1BCC
0x
1BD4
0x
1BD8
0x
1BDC
0x
1BE0
0x
10CC
0x
1A4
0x
E88
0x
10D4
0x
18F8
0x
18FC
0x
DD4
0x
DD0
0x
BD8
0x
BA8
0x
FA4
0x
FB8
0x
FF0
0x
13E4
0x
6B8
0x
1200
0x
B80
0x
E7C
0x
10C8
0x
F74
0x
1208
0x
FC8
0x
A7C
0x
F18
0x
FC4
0x
83C
0x
18E4
0x
42C
0x
106C
0x
1074
0x
1084
0x
F88
0x
F48
0x
D6C
0x
BFC
0x
48C
0x
4D8
0x
1098
0x
193C
0x
1A10
0x
1A5C
0x
11EC
0x
F40
0x
1A54
0x
1B34
0x
1BFC
0x
1BF4
0x
1BE4
0x
1BE8
0x
1A50
0x
1A60
0x
1BF0
0x
1A58
0x
1BF8
0x
1904
0x
1BEC
0x
DA8
0x
F0
0x
1A28
0x
1BD0
0x
1AE4
0x
1900
0x
195C
0x
1938
0x
FB4
0x
E34
0x
DE8
0x
DE4
0x
DE0
0x
B8C
0x
B88
0x
B9C
0x
BA0
0x
BA4
0x
B68
0x
B94
0x
BE0
0x
BDC
0x
C08
0x
634
0x
BD4
0x
BD0
0x
8C8
0x
CA8
0x
CA4
0x
CB4
0x
CB0
0x
B54
0x
BB0
0x
BC4
0x
BC8
0x
BCC
0x
B7C
0x
BF0
0x
778
0x
50C
0x
7C4
0x
630
0x
828
0x
588
0x
BB8
0x
6D4
0x
6C4
0x
578
0x
BC0
0x
590
0x
B74
0x
B70
0x
1C04
0x
1C08
0x
1C0C
0x
1C10
0x
1C14
0x
1C18
0x
1C1C
0x
1C20
0x
1C24
0x
1C28
0x
1C2C
0x
1C30
0x
1C34
0x
1C38
0x
1C3C
0x
1C40
0x
1C44
0x
1C48
0x
1C4C
0x
1C50
0x
1C54
0x
1C58
0x
1C5C
0x
1C60
0x
1C64
0x
1C68
0x
1C6C
0x
1C84
0x
1C88
0x
1C8C
0x
1C90
0x
1C94
0x
1CD0
0x
1CD4
0x
1CD8
0x
1CDC
0x
1CE0
0x
1CE4
0x
1CE8
0x
1CEC
0x
1CF0
0x
1CF4
0x
1CF8
0x
1CFC
0x
1D00
0x
1D04
0x
1D08
0x
1D0C
0x
1D10
0x
1D14
0x
1D18
0x
1D1C
0x
1D20
0x
1D24
0x
1D28
0x
1D2C
0x
1D30
0x
1D3C
0x
1D40
0x
1D44
0x
1D48
0x
1D4C
0x
1D50
0x
1D54
0x
1D58
0x
1D5C
0x
1D60
0x
1D64
0x
1D68
0x
1D6C
0x
1D70
0x
1D74
0x
1D78
0x
1D7C
0x
1D80
0x
1D84
0x
1D88
0x
1D8C
0x
1D90
0x
1D94
0x
1D98
0x
1D9C
0x
1DA0
0x
1DA4
0x
1DA8
0x
1DAC
0x
1DB0
0x
1DB4
0x
1DB8
0x
1DBC
0x
1DC0
0x
1DC4
0x
1DC8
0x
1DCC
0x
1DD0
0x
1DD4
0x
1DD8
0x
1DDC
0x
1DE0
0x
1DE4
0x
1DE8
0x
1DEC
0x
1DF0
0x
1DF4
0x
1DF8
0x
1DFC
0x
1E00
0x
1E04
0x
1E08
0x
1E0C
0x
1E10
0x
1E14
0x
1E2C
0x
1E30
0x
1E34
0x
1E38
0x
1E3C
0x
1E40
0x
1E44
0x
1E48
0x
1E4C
0x
1E50
0x
1E54
0x
1E58
0x
1E5C
0x
1E60
0x
1E64
0x
1E68
0x
1E6C
0x
1E70
0x
1E74
0x
1E78
0x
1E7C
0x
1E80
0x
1E84
0x
1E88
0x
1E8C
0x
1E90
0x
1E94
0x
1E98
0x
1E9C
0x
1EA0
0x
1EA4
0x
1EA8
0x
1EAC
0x
1EB0
0x
1EB4
0x
1EB8
0x
1EBC
0x
1EC0
0x
1EC4
0x
1EC8
0x
1ECC
0x
1ED0
0x
1ED4
0x
1ED8
0x
1EDC
0x
1EE0
0x
1EEC
0x
1EF0
0x
1EF4
0x
1EF8
0x
1EFC
0x
1F00
0x
1F04
0x
1F08
0x
1F0C
0x
1F10
0x
1F14
0x
1F18
0x
1F1C
0x
1F20
0x
1F24
0x
1F28
0x
1F2C
0x
1F30
0x
1F34
0x
1F38
0x
1F3C
0x
1F40
0x
1F44
0x
1F48
0x
1F4C
0x
1F50
0x
1F54
0x
1F60
0x
1F64
0x
1F68
0x
1F6C
0x
1F70
0x
1F74
0x
1F78
0x
1F7C
0x
1F80
0x
1F84
0x
1F88
0x
1F8C
0x
1F90
0x
1F94
0x
1F98
0x
1F9C
0x
1FA4
0x
1FA8
0x
1FAC
0x
1FB0
0x
1FB4
0x
1FB8
0x
1FBC
0x
1FC0
0x
1FC4
0x
1FC8
0x
1FCC
0x
1FD0
0x
1FD4
0x
1FD8
0x
1FDC
0x
1FE0
0x
1FE4
0x
1FE8
0x
1FEC
0x
1FF0
0x
1FF4
0x
1FF8
0x
1FFC
0x
1C70
0x
1CC4
0x
60
0x
904
0x
1EE8
0x
1EE4
0x
115C
0x
2004
0x
2008
0x
200C
0x
2010
0x
2014
0x
2050
0x
2058
0x
205C
0x
2060
0x
2064
0x
2068
0x
206C
0x
2070
0x
2074
0x
2078
0x
207C
0x
2080
0x
2084
0x
2088
0x
208C
0x
2090
0x
2094
0x
2098
0x
209C
0x
20A0
0x
20A4
0x
20A8
0x
20AC
0x
20B0
0x
20B4
0x
20B8
0x
20BC
0x
20C0
0x
20C4
0x
20C8
0x
20CC
0x
20D0
0x
20D4
0x
20D8
0x
20DC
0x
20E4
0x
20E8
0x
20EC
0x
20F0
0x
20F4
0x
20F8
0x
20FC
0x
2100
0x
2104
0x
2108
0x
210C
0x
2110
0x
2114
0x
2118
0x
211C
0x
2120
0x
2124
0x
2128
0x
212C
0x
2130
0x
2134
0x
2138
0x
213C
0x
2140
0x
2144
0x
2148
0x
214C
0x
2150
0x
2154
0x
2158
0x
215C
0x
2160
0x
2164
0x
2168
0x
216C
0x
2170
0x
2174
0x
2178
0x
217C
0x
218C
0x
2190
0x
2194
0x
2198
0x
21A4
0x
21A8
0x
21AC
0x
21B0
0x
21B4
0x
21B8
0x
21BC
0x
21C0
0x
21C4
0x
21C8
0x
21CC
0x
21D0
0x
21D4
0x
21D8
0x
21DC
0x
21E0
0x
21E4
0x
21E8
0x
21EC
0x
21F0
0x
21F4
0x
21F8
0x
21FC
0x
2200
0x
2204
0x
2208
0x
220C
0x
2210
0x
2214
0x
2218
0x
221C
0x
2220
0x
2224
0x
2228
0x
222C
0x
2230
0x
2234
0x
2238
0x
223C
0x
2240
0x
2244
0x
2248
0x
224C
0x
2250
0x
2254
0x
2258
0x
225C
0x
2268
0x
226C
0x
2270
0x
2274
0x
2278
0x
227C
0x
2280
0x
2284
0x
2288
0x
228C
0x
2290
0x
2294
0x
2298
0x
229C
0x
22A0
0x
22A8
0x
22AC
0x
22B0
0x
22B4
0x
22B8
0x
22BC
0x
22C0
0x
22C4
0x
22C8
0x
22CC
0x
22D0
0x
22D4
0x
22E0
0x
22E4
0x
22E8
0x
22EC
0x
22F0
0x
22F4
0x
22F8
0x
22FC
0x
2300
0x
2304
0x
2308
0x
230C
0x
2310
0x
2314
0x
2318
0x
231C
0x
2320
0x
2324
0x
2328
0x
232C
0x
2330
0x
2334
0x
2348
0x
234C
0x
2350
0x
2354
0x
2358
0x
235C
0x
2360
0x
2364
0x
2368
0x
236C
0x
2370
0x
2374
0x
2378
0x
237C
0x
2380
0x
2384
0x
2388
0x
238C
0x
2390
0x
2394
0x
2398
0x
239C
0x
23A0
0x
23A4
0x
23A8
0x
23AC
0x
23B0
0x
23B4
0x
23B8
0x
23BC
0x
23C0
0x
23C4
0x
23C8
0x
23CC
0x
23D0
0x
23D4
0x
23D8
0x
23DC
0x
23E0
0x
23E4
0x
23E8
0x
23EC
0x
23F0
0x
23F4
0x
23F8
0x
23FC
0x
C6C
0x
344
0x
D08
0x
2024
0x
202C
0x
1488
0x
203C
0x
1E14
0x
9F0
0x
F24
0x
ED4
0x
2404
0x
2408
0x
240C
0x
2410
0x
2414
0x
2418
0x
241C
0x
2420
0x
2424
0x
2428
0x
2430
0x
2434
0x
2438
0x
243C
0x
2440
0x
2444
0x
2448
0x
244C
0x
2450
0x
2454
0x
2458
0x
245C
0x
2460
0x
2464
0x
2468
0x
246C
0x
2470
0x
2474
0x
2478
0x
247C
0x
2480
0x
2484
0x
2488
0x
248C
0x
2490
0x
2494
0x
2498
0x
249C
0x
24A0
0x
24A4
0x
24A8
0x
24AC
0x
24B0
0x
24B8
0x
24BC
0x
24C0
0x
24C4
0x
24C8
0x
24CC
0x
24D0
0x
24D4
0x
24D8
0x
24DC
0x
24E0
0x
24E4
0x
24E8
0x
24EC
0x
24F0
0x
24F4
0x
24F8
0x
24FC
0x
2500
0x
2504
0x
2508
0x
250C
0x
2510
0x
2514
0x
2518
0x
251C
0x
2520
0x
2524
0x
2528
0x
252C
0x
2530
0x
2534
0x
2538
0x
253C
0x
2540
0x
2544
0x
2548
0x
254C
0x
2550
0x
2554
0x
2558
0x
255C
0x
2560
0x
2564
0x
2568
0x
256C
0x
2570
0x
2574
0x
2578
0x
257C
0x
2580
0x
2584
0x
2588
0x
258C
0x
2590
0x
2594
0x
2598
0x
259C
0x
25A0
0x
25A4
0x
25A8
0x
25AC
0x
25B0
0x
25B4
0x
25B8
0x
25BC
0x
25C0
0x
25C4
0x
25C8
0x
25CC
0x
25D0
0x
25D4
0x
25D8
0x
25DC
0x
25E0
0x
25E4
0x
25E8
0x
25EC
0x
25F0
0x
25F4
0x
25F8
0x
25FC
0x
2600
0x
2604
0x
2608
0x
260C
0x
2610
0x
2614
0x
2618
0x
261C
0x
2620
0x
2624
0x
2628
0x
262C
0x
2630
0x
2634
0x
2638
0x
263C
0x
2640
0x
2644
0x
2648
0x
264C
0x
2650
0x
2654
0x
2658
0x
265C
0x
2660
0x
2664
0x
2668
0x
266C
0x
2670
0x
2674
0x
2678
0x
267C
0x
2680
0x
2684
0x
2688
0x
268C
0x
2690
0x
2694
0x
2698
0x
269C
0x
26A0
0x
26A4
0x
26A8
0x
26AC
0x
26B0
0x
26B4
0x
26B8
0x
26BC
0x
26C0
0x
26C4
0x
26C8
0x
26CC
0x
26D0
0x
26D4
0x
26D8
0x
26DC
0x
26E0
0x
26E4
0x
26E8
0x
26EC
0x
26F0
0x
26F4
0x
26F8
0x
26FC
0x
2700
0x
2704
0x
2708
0x
270C
0x
2710
0x
2714
0x
2718
0x
271C
0x
2720
0x
2724
0x
2728
0x
272C
0x
2730
0x
2734
0x
2738
0x
273C
0x
2740
0x
2744
0x
2748
0x
274C
0x
2750
0x
2754
0x
2758
0x
275C
0x
2760
0x
2764
0x
2768
0x
276C
0x
2770
0x
2774
0x
2778
0x
277C
0x
2780
0x
2784
0x
2788
0x
278C
0x
2790
0x
2794
0x
2798
0x
279C
0x
27A0
0x
27A4
0x
27A8
0x
27AC
0x
27B0
0x
27B4
0x
27B8
0x
27BC
0x
27C0
0x
27C4
0x
27C8
0x
27CC
0x
27D0
0x
27D4
0x
27D8
0x
27DC
0x
27E0
0x
27E4
0x
27E8
0x
27EC
0x
27F0
0x
27F4
0x
27F8
0x
27FC
0x
2804
0x
2808
0x
280C
0x
2810
0x
2814
0x
2818
0x
281C
0x
2820
0x
2824
0x
2828
0x
282C
0x
2830
0x
2834
0x
2838
0x
283C
0x
2840
0x
2844
0x
2848
0x
284C
0x
2850
0x
2854
0x
2858
0x
285C
0x
2860
0x
2864
0x
2868
0x
286C
0x
2870
0x
2874
0x
2878
0x
287C
0x
2880
0x
2884
0x
2888
0x
288C
0x
2890
0x
2894
0x
2898
0x
289C
0x
28A0
0x
28A4
0x
28A8
0x
28AC
0x
28B0
0x
28B4
0x
28B8
0x
28BC
0x
28C0
0x
28C4
0x
28C8
0x
28CC
0x
28D0
0x
28D4
0x
28D8
0x
28DC
0x
28E0
0x
28E4
0x
28E8
0x
28EC
0x
28F0
0x
28F4
0x
28F8
0x
28FC
0x
2900
0x
2904
0x
2908
0x
290C
0x
2910
0x
2914
0x
2918
0x
291C
0x
2920
0x
2924
0x
2928
0x
292C
0x
2930
0x
2934
0x
2938
0x
293C
0x
2940
0x
2944
0x
2948
0x
294C
0x
2950
0x
2954
0x
2958
0x
295C
0x
2960
0x
2964
0x
2968
0x
296C
0x
2970
0x
2974
0x
2978
0x
297C
0x
2980
0x
2984
0x
2988
0x
298C
0x
2990
0x
2994
0x
2998
0x
299C
0x
29A0
0x
29A4
0x
29A8
0x
29AC
0x
29B0
0x
29B4
0x
29B8
0x
29BC
0x
29C0
0x
29C4
0x
29C8
0x
29CC
0x
29D0
0x
29D4
0x
29D8
0x
29DC
0x
29E0
0x
29E4
0x
29E8
0x
29EC
0x
29F0
0x
29F4
0x
29F8
0x
29FC
0x
2A00
0x
2A04
0x
2A08
0x
2A0C
0x
2A10
0x
2A14
0x
2A18
0x
2A1C
0x
2A20
0x
2A24
0x
2A28
0x
2A2C
0x
2A30
0x
2A34
0x
2A38
0x
2A3C
0x
2A40
0x
2A44
0x
2A48
0x
2A4C
0x
2A50
0x
2A54
0x
2A58
0x
2A5C
0x
2A60
0x
2A64
0x
2A68
0x
2A6C
0x
2A70
0x
2A74
0x
2A78
0x
2A7C
0x
2A80
0x
2A84
0x
2A88
0x
2A8C
0x
2A90
0x
2A94
0x
2A98
0x
2A9C
0x
2AA0
0x
2AA4
0x
2AA8
0x
2AAC
0x
2AB0
0x
2AB4
0x
2AB8
0x
2ABC
0x
2AC0
0x
2AC4
0x
2AC8
0x
2ACC
0x
2AD0
0x
2AD4
0x
2AD8
0x
2ADC
0x
2AE0
0x
2AE4
0x
2AE8
0x
2AEC
0x
2AF0
0x
2AF4
0x
2AF8
0x
2AFC
0x
2B00
0x
2B04
0x
2B08
0x
2B0C
0x
2B10
0x
2B14
0x
2B18
0x
2B1C
0x
2B20
0x
2B24
0x
2B28
0x
2B2C
0x
2B30
0x
2B34
0x
2B38
0x
2B3C
0x
2B40
0x
2B44
0x
2B48
0x
2B4C
0x
2B50
0x
2B54
0x
2B58
0x
2B5C
0x
2B60
0x
2B64
0x
2B68
0x
2B6C
0x
2B70
0x
2B74
0x
2B7C
0x
2B80
0x
2B84
0x
2B88
0x
2B8C
0x
2B90
0x
2B94
0x
2B98
0x
2B9C
0x
2BA0
0x
2BA4
0x
2BA8
0x
2BAC
0x
2BB0
0x
2BB4
0x
2BB8
0x
2BBC
0x
2BC0
0x
2BC4
0x
2BC8
0x
2BCC
0x
2BD0
0x
2BD4
0x
2BD8
0x
2BDC
0x
2BE0
0x
2BE4
0x
2BE8
0x
2BEC
0x
2BF0
0x
2BF4
0x
2BF8
0x
2BFC
0x
EDC
0x
1FC8
0x
4E4
0x
233C
0x
242C
0x
2338
0x
201C
0x
2344
0x
24B4
0x
1E24
0x
2340
0x
2034
0x
2040
0x
2264
0x
2B78
0x
2C04
0x
2C08
0x
2C0C
0x
2C10
0x
2C14
0x
2C18
0x
2C1C
0x
2C20
0x
2C24
0x
2C28
0x
2C2C
0x
2C30
0x
2C34
0x
2C38
0x
2C3C
0x
2C44
0x
2C48
0x
2C4C
0x
2C50
0x
2C54
0x
2C58
0x
2C5C
0x
2C60
0x
2C64
0x
2C68
0x
2C6C
0x
2C70
0x
2C74
0x
2C78
0x
2C7C
0x
2C80
0x
2C84
0x
2C88
0x
2C8C
0x
2C90
0x
2C94
0x
2C98
0x
2C9C
0x
2CA0
0x
2CA4
0x
2CA8
0x
2CAC
0x
2CB0
0x
2CB4
0x
2CB8
0x
2CBC
0x
2CC0
0x
2CC4
0x
2CC8
0x
2CCC
0x
2CD0
0x
2CD4
0x
2CD8
0x
2CDC
0x
2CE0
0x
2CE4
0x
2CE8
0x
2CEC
0x
2CF0
0x
2CF4
0x
2CF8
0x
2CFC
0x
2D00
0x
2D04
0x
2D08
0x
2D0C
0x
2D10
0x
2D14
0x
2D18
0x
2D1C
0x
2D20
0x
2D24
0x
2D28
0x
2D2C
0x
2D30
0x
2D34
0x
2D38
0x
2D3C
0x
2D40
0x
2D44
0x
2D48
0x
2D4C
0x
2D50
0x
2D54
0x
2D58
0x
2D5C
0x
2D60
0x
2D64
0x
2D68
0x
2D6C
0x
2D70
0x
2D74
0x
2D78
0x
2D7C
0x
2D80
0x
2D84
0x
2D88
0x
2D8C
0x
2D90
0x
2D94
0x
2D98
0x
2D9C
0x
2DA0
0x
2DA4
0x
2DA8
0x
2DAC
0x
2DB0
0x
2DB4
0x
2DB8
0x
2DBC
0x
2DC0
0x
2DC4
0x
2DC8
0x
2DCC
0x
2DD0
0x
2DD4
0x
2DD8
0x
2DDC
0x
2DE0
0x
2DE4
0x
2DE8
0x
2DEC
0x
2DF0
0x
2DF4
0x
2DF8
0x
2DFC
0x
2E00
0x
2E04
0x
2E08
0x
2E0C
0x
2E10
0x
2E14
0x
2E18
0x
2E1C
0x
2E20
0x
2E24
0x
2E28
0x
2E2C
0x
2E30
0x
2E34
0x
2E38
0x
2E3C
0x
2E40
0x
2E44
0x
2E48
0x
2E4C
0x
2E50
0x
2E54
0x
2E58
0x
2E5C
0x
2E60
0x
2E64
0x
2E68
0x
2E6C
0x
2E70
0x
2E74
0x
2E78
0x
2E7C
0x
2E80
0x
2E84
0x
2E88
0x
2E8C
0x
2E90
0x
2E94
0x
2E98
0x
2E9C
0x
2EA0
0x
2EA4
0x
2EA8
0x
2EAC
0x
2EB0
0x
2EB4
0x
2EB8
0x
2EBC
0x
2EC0
0x
2EC4
0x
2EC8
0x
2ECC
0x
2ED0
0x
2ED4
0x
2ED8
0x
2EDC
0x
2EE0
0x
2EE4
0x
2EE8
0x
2EEC
0x
2EF0
0x
2EF4
0x
2EF8
0x
2EFC
0x
2F00
0x
2F04
0x
2F08
0x
2F0C
0x
2F10
0x
2F14
0x
2F18
0x
2F1C
0x
2F20
0x
2F24
0x
2F28
0x
2F2C
0x
2F30
0x
2F34
0x
2F38
0x
2F3C
0x
2F40
0x
2F44
0x
2F48
0x
2F4C
0x
2F50
0x
2F54
0x
2F58
0x
2F5C
0x
2F60
0x
2F64
0x
2F68
0x
2F6C
0x
2F70
0x
2F74
0x
2F78
0x
2F7C
0x
2F80
0x
2F84
0x
2F88
0x
2F8C
0x
2F90
0x
2F94
0x
2F98
0x
2F9C
0x
2FA0
0x
2FA4
0x
2FA8
0x
2FAC
0x
2FB0
0x
2FB4
0x
2FB8
0x
2FBC
0x
2FC0
0x
2FC4
0x
2FC8
0x
2FCC
0x
2FD0
0x
2FD4
0x
2FD8
0x
2FDC
0x
2FE0
0x
2FE4
0x
2FE8
0x
2FEC
0x
2FF0
0x
2FF4
0x
2FF8
0x
2FFC
0x
2180
0x
22A4
0x
2054
0x
2018
0x
2188
0x
2030
0x
219C
0x
2028
0x
3008
0x
300C
0x
3010
0x
3014
0x
3018
0x
301C
0x
3020
0x
3024
0x
3030
0x
3034
0x
3038
0x
303C
0x
3040
0x
3044
0x
3048
0x
304C
0x
3050
0x
3054
0x
3058
0x
305C
0x
3060
0x
3064
0x
3068
0x
306C
0x
3070
0x
3074
0x
3078
0x
307C
0x
3080
0x
3084
0x
3088
0x
308C
0x
3090
0x
3098
0x
309C
0x
30A0
0x
30A4
0x
30A8
0x
30AC
0x
30B0
0x
30B4
0x
30B8
0x
30BC
0x
30C0
0x
30C4
0x
30C8
0x
30CC
0x
30D0
0x
30D4
0x
30D8
0x
30DC
0x
30E0
0x
30E4
0x
30E8
0x
30EC
0x
30F0
0x
30F4
0x
30F8
0x
30FC
0x
3100
0x
3104
0x
3108
0x
310C
0x
3110
0x
3114
0x
3118
0x
311C
0x
3120
0x
3128
0x
312C
0x
3130
0x
3134
0x
3138
0x
3140
0x
3144
0x
3148
0x
314C
0x
3150
0x
3154
0x
3158
0x
315C
0x
3160
0x
316C
0x
3170
0x
3174
0x
3178
0x
317C
0x
3180
0x
3184
0x
3188
0x
318C
0x
3190
0x
3194
0x
3198
0x
319C
0x
31A0
0x
31A4
0x
31A8
0x
31AC
0x
31B0
0x
31B4
0x
31B8
0x
31BC
0x
31C0
0x
31C4
0x
31C8
0x
31CC
0x
31D0
0x
31D4
0x
31D8
0x
31DC
0x
31E4
0x
31E8
0x
31EC
0x
31F0
0x
31F4
0x
31F8
0x
31FC
0x
321C
0x
3220
0x
3224
0x
3228
0x
322C
0x
3230
0x
3234
0x
3238
0x
323C
0x
3240
0x
3244
0x
3248
0x
324C
0x
3250
0x
3254
0x
3258
0x
325C
0x
3260
0x
3264
0x
3268
0x
326C
0x
3270
0x
3274
0x
3278
0x
327C
0x
3280
0x
3284
0x
3288
0x
328C
0x
3290
0x
3294
0x
3298
0x
329C
0x
32A0
0x
32A4
0x
32A8
0x
32AC
0x
32B0
0x
32B4
0x
32B8
0x
32BC
0x
32C0
0x
32C4
0x
32C8
0x
32D4
0x
32D8
0x
32DC
0x
32E0
0x
32E4
0x
32E8
0x
32EC
0x
32F0
0x
32F4
0x
32F8
0x
32FC
0x
3300
0x
3304
0x
3308
0x
330C
0x
3310
0x
3314
0x
3318
0x
331C
0x
3320
0x
3324
0x
3328
0x
332C
0x
3330
0x
3334
0x
333C
0x
3340
0x
3344
0x
3348
0x
334C
0x
3350
0x
3354
0x
3358
0x
335C
0x
3360
0x
3364
0x
3368
0x
336C
0x
3370
0x
3374
0x
3378
0x
337C
0x
3380
0x
3384
0x
3388
0x
338C
0x
3390
0x
3394
0x
3398
0x
339C
0x
33A0
0x
33A4
0x
33A8
0x
33AC
0x
33B0
0x
33B4
0x
33B8
0x
33BC
0x
33C0
0x
33C4
0x
33C8
0x
33CC
0x
33D0
0x
33D4
0x
33D8
0x
33DC
0x
33E0
0x
33E4
0x
33E8
0x
33EC
0x
33F0
0x
33F4
0x
33F8
0x
33FC
0x
2C40
0x
2038
0x
2E20
0x
3004
0x
2EDC
0x
3404
0x
3408
0x
3410
0x
3414
0x
3418
0x
341C
0x
3420
0x
3424
0x
3428
0x
342C
0x
3430
0x
3434
0x
3438
0x
343C
0x
3440
0x
3444
0x
3448
0x
344C
0x
3450
0x
3454
0x
3458
0x
345C
0x
3460
0x
3464
0x
3468
0x
346C
0x
3470
0x
3474
0x
3478
0x
347C
0x
3480
0x
3484
0x
3488
0x
348C
0x
3490
0x
3494
0x
3498
0x
349C
0x
34A0
0x
34A4
0x
34A8
0x
34AC
0x
34B0
0x
34B4
0x
34B8
0x
34BC
0x
34C0
0x
34C4
0x
34C8
0x
34CC
0x
34D0
0x
34D4
0x
34D8
0x
34DC
0x
34E0
0x
34E4
0x
34E8
0x
34EC
0x
34F0
0x
34F4
0x
34F8
0x
34FC
0x
3500
0x
3504
0x
3508
0x
350C
0x
3510
0x
3514
0x
3518
0x
351C
0x
3520
0x
3524
0x
3528
0x
352C
0x
3530
0x
3534
0x
3538
0x
353C
0x
3540
0x
3544
0x
3548
0x
354C
0x
3550
0x
3554
0x
3558
0x
355C
0x
3560
0x
3564
0x
3568
0x
356C
0x
3570
0x
3574
0x
3578
0x
357C
0x
3580
0x
3584
0x
3588
0x
358C
0x
3590
0x
3594
0x
3598
0x
359C
0x
35A0
0x
35A4
0x
35A8
0x
35AC
0x
35B0
0x
35B4
0x
35B8
0x
35BC
0x
35C0
0x
35C4
0x
35C8
0x
35CC
0x
35D0
0x
35D4
0x
35D8
0x
35DC
0x
35E0
0x
35E4
0x
35E8
0x
35EC
0x
35F0
0x
35F4
0x
35F8
0x
35FC
0x
3600
0x
3604
0x
3608
0x
360C
0x
3610
0x
3614
0x
3618
0x
361C
0x
3620
0x
3624
0x
3628
0x
362C
0x
3630
0x
3634
0x
3638
0x
363C
0x
3640
0x
3644
0x
3648
0x
364C
0x
3650
0x
3654
0x
3658
0x
365C
0x
3660
0x
3664
0x
3668
0x
366C
0x
3670
0x
3674
0x
3678
0x
367C
0x
3680
0x
3684
0x
3688
0x
368C
0x
3690
0x
3694
0x
3698
0x
369C
0x
36A0
0x
36A4
0x
36A8
0x
36AC
0x
36B0
0x
36B8
0x
36BC
0x
36C0
0x
36C4
0x
36C8
0x
36CC
0x
36D0
0x
36D4
0x
36D8
0x
36DC
0x
36E0
0x
36E4
0x
36E8
0x
36EC
0x
36F0
0x
36F4
0x
36F8
0x
36FC
0x
3700
0x
3704
0x
3708
0x
370C
0x
3710
0x
3714
0x
3718
0x
371C
0x
3720
0x
3724
0x
3728
0x
372C
0x
3730
0x
3734
0x
3738
0x
373C
0x
3740
0x
3744
0x
3748
0x
374C
0x
3750
0x
3754
0x
3758
0x
375C
0x
3760
0x
3764
0x
3768
0x
376C
0x
3770
0x
3774
0x
3778
0x
377C
0x
3780
0x
3784
0x
3788
0x
378C
0x
3790
0x
3794
0x
3798
0x
379C
0x
37A0
0x
37A4
0x
37A8
0x
37AC
0x
37B0
0x
37B4
0x
37B8
0x
37BC
0x
37C0
0x
37C4
0x
37C8
0x
37CC
0x
37D0
0x
37D4
0x
37D8
0x
37DC
0x
37E0
0x
37E4
0x
37E8
0x
37EC
0x
37F0
0x
37F4
0x
37F8
0x
37FC
0x
F68
0x
3338
0x
D90
0x
320C
0x
3208
0x
37C
0x
3218
0x
32D0
0x
3214
0x
21A0
0x
3094
0x
3200
0x
3804
0x
3808
0x
380C
0x
3810
0x
3814
0x
3818
0x
381C
0x
3820
0x
3824
0x
3828
0x
382C
0x
3830
0x
3834
0x
3838
0x
383C
0x
3840
0x
3844
0x
3848
0x
384C
0x
3850
0x
3854
0x
3858
0x
385C
0x
3860
0x
3864
0x
3868
0x
386C
0x
3870
0x
3874
0x
3878
0x
387C
0x
3880
0x
3884
0x
3888
0x
388C
0x
3890
0x
3894
0x
3898
0x
389C
0x
38A0
0x
38A4
0x
38A8
0x
38AC
0x
38B0
0x
38B4
0x
38B8
0x
38BC
0x
38C0
0x
38C4
0x
38C8
0x
38CC
0x
38D0
0x
38D4
0x
38D8
0x
38DC
0x
38E0
0x
38E4
0x
38E8
0x
38EC
0x
38F0
0x
38F4
0x
38F8
0x
38FC
0x
3900
0x
3904
0x
3908
0x
390C
0x
3910
0x
3914
0x
3918
0x
391C
0x
3920
0x
3924
0x
3928
0x
392C
0x
3930
0x
3934
0x
3938
0x
393C
0x
3940
0x
3944
0x
3948
0x
394C
0x
3950
0x
3954
0x
3958
0x
395C
0x
3960
0x
3964
0x
3968
0x
396C
0x
3970
0x
3974
0x
3978
0x
397C
0x
3980
0x
3984
0x
3988
0x
398C
0x
3990
0x
3994
0x
3998
0x
399C
0x
39A0
0x
39A4
0x
39A8
0x
39AC
0x
39B0
0x
39B4
0x
39B8
0x
39BC
0x
39C0
0x
39C4
0x
39C8
0x
39CC
0x
39D0
0x
39D4
0x
39D8
0x
39DC
0x
39E0
0x
39E4
0x
39E8
0x
39EC
0x
39F0
0x
39F4
0x
39F8
0x
39FC
0x
3A00
0x
3A04
0x
3A08
0x
3A0C
0x
3A10
0x
3A14
0x
3A18
0x
3A1C
0x
3A20
0x
3A24
0x
3A28
0x
3A2C
0x
3A30
0x
3A34
0x
3A38
0x
3A3C
0x
3A40
0x
3A44
0x
3A48
0x
3A4C
0x
3A50
0x
3A54
0x
3A58
0x
3A5C
0x
3A60
0x
3A64
0x
3A68
0x
3A6C
0x
3A70
0x
3A74
0x
3A78
0x
3A7C
0x
3A80
0x
3A84
0x
3A88
0x
3A8C
0x
3A90
0x
3A94
0x
3A98
0x
3A9C
0x
3AA0
0x
3AA4
0x
3AA8
0x
3AAC
0x
3AB0
0x
3AB4
0x
3AB8
0x
3ABC
0x
3AC0
0x
3AC4
0x
3AC8
0x
3ACC
0x
3AD0
0x
3AD4
0x
3AD8
0x
3ADC
0x
3AE0
0x
3AE4
0x
3AE8
0x
3AEC
0x
3AF0
0x
3AF4
0x
3AF8
0x
3AFC
0x
3B00
0x
3B04
0x
3B08
0x
3B0C
0x
3B10
0x
3B14
0x
3B18
0x
3B1C
0x
3B20
0x
3B24
0x
3B28
0x
3B2C
0x
3B30
0x
3B34
0x
3B38
0x
3B3C
0x
3B40
0x
3B44
0x
3B48
0x
3B4C
0x
3B50
0x
3B54
0x
3B58
0x
3B5C
0x
3B60
0x
3B64
0x
3B68
0x
3B6C
0x
3B70
0x
3B74
0x
3B78
0x
3B7C
0x
3B80
0x
3B84
0x
3B88
0x
3B8C
0x
3B90
0x
3B94
0x
3B98
0x
3B9C
0x
3BA0
0x
3BA4
0x
3BA8
0x
3BAC
0x
3BB0
0x
3BB4
0x
3BB8
0x
3BBC
0x
3BC0
0x
3BC4
0x
3BC8
0x
3BCC
0x
3BD0
0x
3BD4
0x
3BD8
0x
3BDC
0x
3BE0
0x
3BE4
0x
3BE8
0x
3BEC
0x
3BF0
0x
3BF4
0x
3BF8
0x
3BFC
0x
313C
0x
3204
0x
3124
0x
2020
0x
3168
0x
1CA4
0x
3164
0x
3028
0x
31E0
0x
2044
0x
302C
0x
1CA0
0x
7A0
0x
3C04
0x
3C08
0x
3C0C
0x
3C10
0x
3C14
0x
3C18
0x
3C1C
0x
3C20
0x
3C24
0x
3C28
0x
3C2C
0x
3C30
0x
3C34
0x
3C38
0x
3C3C
0x
3C40
0x
3C44
0x
3C48
0x
3C4C
0x
3C50
0x
3C54
0x
3C58
0x
3C5C
0x
3C60
0x
3C64
0x
3C68
0x
3C6C
0x
3C70
0x
3C74
0x
3C78
0x
3C7C
0x
3C80
0x
3C84
0x
3C88
0x
3C8C
0x
3C90
0x
3C94
0x
3C98
0x
3C9C
0x
3CA0
0x
3CA4
0x
3CA8
0x
3CAC
0x
3CB0
0x
3CB4
0x
3CB8
0x
3CBC
0x
3CC0
0x
3CC4
0x
3CC8
0x
3CCC
0x
3CD0
0x
3CD4
0x
3CD8
0x
3CDC
0x
3CE0
0x
3CE4
0x
3CE8
0x
3CEC
0x
3CF0
0x
3CF4
0x
3CF8
0x
3CFC
0x
3D00
0x
3D04
0x
3D08
0x
3D0C
0x
3D10
0x
3D14
0x
3D18
0x
3D1C
0x
3D20
0x
3D24
0x
3D28
0x
3D2C
0x
3D30
0x
3D34
0x
3D38
0x
3D3C
0x
3D40
0x
3D44
0x
3D48
0x
3D4C
0x
3D50
0x
3D54
0x
3D58
0x
3D5C
0x
3D60
0x
3D64
0x
3D68
0x
3D6C
0x
3D70
0x
3D74
0x
3D78
0x
3D7C
0x
3D80
0x
3D84
0x
3D88
0x
3D8C
0x
3D90
0x
3D94
0x
3D98
0x
3D9C
0x
3DA0
0x
3DA4
0x
3DA8
0x
3DAC
0x
3DB0
0x
3DB4
0x
3DB8
0x
3DBC
0x
3DC0
0x
3DC4
0x
3DC8
0x
3DCC
0x
3DD0
0x
3DD4
0x
3DD8
0x
3DDC
0x
3DE0
0x
3DE4
0x
3DE8
0x
3DEC
0x
3DF0
0x
3DF4
0x
3DF8
0x
3DFC
0x
3E00
0x
3E04
0x
3E08
0x
3E0C
0x
3E10
0x
3E14
0x
3E18
0x
3E1C
0x
3E20
0x
3E24
0x
3E28
0x
3E2C
0x
3E30
0x
3E34
0x
3E38
0x
3E3C
0x
3E40
0x
3E44
0x
3E48
0x
3E4C
0x
3E50
0x
3E54
0x
3E58
0x
3E5C
0x
3E60
0x
3E64
0x
3E68
0x
3E6C
0x
3E70
0x
3E74
0x
3E78
0x
3E7C
0x
3E80
0x
3E84
0x
3E88
0x
3E8C
0x
3E90
0x
3E94
0x
3E98
0x
3E9C
0x
3EA0
0x
3EA4
0x
3EA8
0x
3EAC
0x
3EB0
0x
3EB4
0x
3EB8
0x
3EBC
0x
3EC0
0x
3EC4
0x
3EC8
0x
3ECC
0x
3ED0
0x
3ED4
0x
3ED8
0x
3EDC
0x
3EE0
0x
3EE4
0x
3EE8
0x
3EEC
0x
3EF0
0x
3EF4
0x
3EF8
0x
3EFC
0x
3F00
0x
3F04
0x
3F08
0x
3F0C
0x
3F10
0x
3F14
0x
3F18
0x
3F1C
0x
3F20
0x
3F24
0x
3F28
0x
3F2C
0x
3F30
0x
3F34
0x
3F38
0x
3F3C
0x
3F40
0x
3F44
0x
3F48
0x
3F4C
0x
3F50
0x
3F54
0x
3F58
0x
3F5C
0x
3F60
0x
3F64
0x
3F68
0x
3F6C
0x
3F70
0x
3F74
0x
3F78
0x
3F7C
0x
3F80
0x
3F84
0x
3F88
0x
3F8C
0x
3F90
0x
3F94
0x
3F98
0x
3F9C
0x
3FA0
0x
3FA4
0x
3FA8
0x
3FAC
0x
3FB0
0x
3FB4
0x
3FB8
0x
3FBC
0x
3FC0
0x
3FC4
0x
3FC8
0x
3FCC
0x
3FD0
0x
3FD4
0x
3FD8
0x
3FDC
0x
3FE0
0x
3FE4
0x
3FE8
0x
3FEC
0x
3FF0
0x
3FF4
0x
3FF8
0x
3FFC
0x
4004
0x
4008
0x
400C
0x
4010
0x
4014
0x
4018
0x
401C
0x
4020
0x
4024
0x
4028
0x
402C
0x
4030
0x
4034
0x
4038
0x
403C
0x
4040
0x
4044
0x
4048
0x
404C
0x
4050
0x
4054
0x
4058
0x
405C
0x
4060
0x
4064
0x
4068
0x
406C
0x
4070
0x
4074
0x
4078
0x
407C
0x
4080
0x
4084
0x
4088
0x
408C
0x
4090
0x
4094
0x
4098
0x
409C
0x
40A0
0x
40A4
0x
40A8
0x
40AC
0x
40B0
0x
40B4
0x
40B8
0x
40BC
0x
40C0
0x
40C4
0x
40C8
0x
40CC
0x
40D0
0x
40D4
0x
40D8
0x
40DC
0x
40E0
0x
40E4
0x
40E8
0x
40EC
0x
40F0
0x
40F4
0x
40F8
0x
40FC
0x
4100
0x
4104
0x
4108
0x
410C
0x
4110
0x
4114
0x
4118
0x
411C
0x
4120
0x
4124
0x
4128
0x
412C
0x
4130
0x
4134
0x
4138
0x
413C
0x
4140
0x
4144
0x
4148
0x
414C
0x
4150
0x
4154
0x
4158
0x
415C
0x
4160
0x
4164
0x
4168
0x
416C
0x
4170
0x
4174
0x
4178
0x
417C
0x
4180
0x
4184
0x
4188
0x
418C
0x
4190
0x
4194
0x
4198
0x
419C
0x
41A0
0x
41A4
0x
41A8
0x
41B0
0x
41B4
0x
41B8
0x
41BC
0x
41C0
0x
41C4
0x
41C8
0x
41CC
0x
41D0
0x
41D4
0x
41D8
0x
41DC
0x
41E0
0x
41E4
0x
41E8
0x
41EC
0x
41F0
0x
41F4
0x
41F8
0x
41FC
0x
4200
0x
4204
0x
4208
0x
420C
0x
4210
0x
4214
0x
4218
0x
421C
0x
4220
0x
4224
0x
4228
0x
422C
0x
4230
0x
4234
0x
4238
0x
423C
0x
4240
0x
4244
0x
4248
0x
424C
0x
4250
0x
4254
0x
4258
0x
425C
0x
4260
0x
4264
0x
4268
0x
426C
0x
4270
0x
4274
0x
4278
0x
427C
0x
4280
0x
4284
0x
4288
0x
428C
0x
4290
0x
4294
0x
4298
0x
429C
0x
42A0
0x
42A4
0x
42A8
0x
42AC
0x
42B0
0x
42B4
0x
42B8
0x
42BC
0x
42C0
0x
42C4
0x
42C8
0x
42CC
0x
42D0
0x
42D4
0x
42D8
0x
42DC
0x
42E0
0x
42E4
0x
42E8
0x
42EC
0x
42F0
0x
42F4
0x
42F8
0x
42FC
0x
4300
0x
4304
0x
4308
0x
430C
0x
4310
0x
4314
0x
4318
0x
431C
0x
4320
0x
4324
0x
4328
0x
432C
0x
4330
0x
4334
0x
4338
0x
433C
0x
439C
0x
43A0
0x
43A4
0x
43A8
0x
43AC
0x
43B0
0x
43B4
0x
43B8
0x
43BC
0x
43C0
0x
43C4
0x
43C8
0x
43CC
0x
43D0
0x
43D4
0x
43D8
0x
43DC
0x
43E0
0x
43E4
0x
43E8
0x
43EC
0x
43F0
0x
43F4
0x
43F8
0x
43FC
0x
BF8
0x
A0C
0x
734
0x
61C
0x
4250
0x
4354
0x
4364
0x
4220
0x
4404
0x
4408
0x
440C
0x
4410
0x
4414
0x
4418
0x
441C
0x
4420
0x
4424
0x
4428
0x
4434
0x
4438
0x
443C
0x
4444
0x
4448
0x
444C
0x
4450
0x
4454
0x
4458
0x
445C
0x
4460
0x
4464
0x
4468
0x
446C
0x
4470
0x
4474
0x
4478
0x
4480
0x
4484
0x
4488
0x
448C
0x
4490
0x
4494
0x
4498
0x
449C
0x
44A0
0x
44A4
0x
44A8
0x
44AC
0x
44B0
0x
44B4
0x
44B8
0x
44BC
0x
44C0
0x
44C4
0x
44C8
0x
44CC
0x
44D0
0x
44D4
0x
44D8
0x
44DC
0x
44E0
0x
44E4
0x
44E8
0x
44EC
0x
44F0
0x
44FC
0x
4500
0x
4504
0x
4508
0x
450C
0x
4510
0x
4514
0x
4518
0x
451C
0x
4520
0x
4524
0x
4528
0x
452C
0x
4530
0x
4534
0x
4538
0x
453C
0x
4540
0x
4544
0x
4548
0x
454C
0x
4550
0x
4554
0x
4558
0x
455C
0x
4560
0x
4564
0x
4568
0x
456C
0x
4570
0x
4574
0x
4578
0x
457C
0x
4580
0x
4584
0x
4588
0x
458C
0x
4590
0x
4594
0x
4598
0x
459C
0x
45A0
0x
45A4
0x
45A8
0x
45AC
0x
45B0
0x
45B4
0x
45B8
0x
45BC
0x
45C0
0x
45C4
0x
45C8
0x
45CC
0x
45D0
0x
45D4
0x
45D8
0x
45DC
0x
45E0
0x
45E4
0x
45E8
0x
45EC
0x
45F0
0x
45F4
0x
45F8
0x
45FC
0x
4600
0x
4604
0x
4608
0x
460C
0x
4610
0x
4614
0x
4618
0x
461C
0x
4620
0x
4624
0x
4628
0x
462C
0x
4630
0x
4634
0x
4638
0x
463C
0x
4640
0x
4644
0x
4648
0x
464C
0x
4650
0x
4654
0x
4658
0x
465C
0x
4660
0x
4664
0x
4668
0x
466C
0x
4670
0x
4674
0x
4678
0x
467C
0x
4680
0x
4684
0x
4688
0x
468C
0x
4690
0x
4694
0x
4698
0x
469C
0x
46A0
0x
46A4
0x
46A8
0x
46AC
0x
46B0
0x
46B4
0x
46B8
0x
46BC
0x
46C0
0x
46C4
0x
46C8
0x
46CC
0x
46D0
0x
46D4
0x
46D8
0x
46DC
0x
46E0
0x
46E4
0x
46E8
0x
46EC
0x
46F0
0x
46F4
0x
46F8
0x
46FC
0x
4700
0x
4704
0x
4708
0x
470C
0x
4710
0x
4714
0x
4718
0x
471C
0x
4720
0x
4724
0x
4728
0x
472C
0x
4730
0x
4734
0x
4738
0x
473C
0x
4740
0x
4744
0x
4748
0x
474C
0x
4750
0x
4754
0x
4758
0x
475C
0x
4760
0x
4764
0x
4768
0x
476C
0x
4770
0x
4774
0x
4778
0x
477C
0x
4780
0x
4784
0x
4788
0x
478C
0x
4790
0x
4794
0x
4798
0x
479C
0x
47A0
0x
47A4
0x
47A8
0x
47AC
0x
47B0
0x
47B4
0x
47B8
0x
47BC
0x
47C0
0x
47C4
0x
47C8
0x
47CC
0x
47D0
0x
47D4
0x
47D8
0x
47DC
0x
47E0
0x
47E4
0x
47E8
0x
47EC
0x
47F0
0x
47F4
0x
47F8
0x
47FC
0x
442C
0x
6BC
0x
7A8
0x
155C
0x
47C
0x
4804
0x
4808
0x
480C
0x
4810
0x
4814
0x
4818
0x
481C
0x
4820
0x
4824
0x
4834
0x
4838
0x
483C
0x
4840
0x
4844
0x
4848
0x
484C
0x
4850
0x
4854
0x
4858
0x
485C
0x
4860
0x
4864
0x
4868
0x
486C
0x
4878
0x
487C
0x
4880
0x
4884
0x
4888
0x
488C
0x
4890
0x
4894
0x
4898
0x
489C
0x
48A0
0x
48A4
0x
48A8
0x
48AC
0x
48B0
0x
48B4
0x
48B8
0x
48BC
0x
48C0
0x
48C4
0x
48C8
0x
48CC
0x
48D0
0x
48D4
0x
48D8
0x
48DC
0x
48E0
0x
48E4
0x
48E8
0x
48EC
0x
48F0
0x
48F4
0x
48F8
0x
48FC
0x
4900
0x
4904
0x
4908
0x
490C
0x
4910
0x
4914
0x
4920
0x
4924
0x
4928
0x
492C
0x
4930
0x
4934
0x
4938
0x
493C
0x
4940
0x
4944
0x
4948
0x
494C
0x
4950
0x
4954
0x
4958
0x
495C
0x
4960
0x
4964
0x
4968
0x
496C
0x
4970
0x
4974
0x
4978
0x
497C
0x
4980
0x
4984
0x
4988
0x
498C
0x
4990
0x
4994
0x
4998
0x
499C
0x
49A0
0x
49A4
0x
49A8
0x
49AC
0x
49B0
0x
49B4
0x
49B8
0x
49BC
0x
49C0
0x
49C4
0x
49C8
0x
49CC
0x
49D0
0x
49D4
0x
49D8
0x
49DC
0x
49E0
0x
49E4
0x
49F0
0x
49F4
0x
49F8
0x
49FC
0x
4A00
0x
4A04
0x
4A08
0x
4A0C
0x
4A18
0x
4A1C
0x
4A20
0x
4A24
0x
4A28
0x
4A2C
0x
4A30
0x
4A34
0x
4A38
0x
4A3C
0x
4A40
0x
4A44
0x
4A48
0x
4A4C
0x
4A50
0x
4A54
0x
4A58
0x
4A5C
0x
4A60
0x
4A64
0x
4A68
0x
4A6C
0x
4A70
0x
4A74
0x
4A78
0x
4A7C
0x
4A80
0x
4A84
0x
4A88
0x
4A8C
0x
4A90
0x
4A94
0x
4A98
0x
4A9C
0x
4AA0
0x
4AA4
0x
4AA8
0x
4AB0
0x
4AB4
0x
4AB8
0x
4ABC
0x
4AC0
0x
4AC4
0x
4AC8
0x
4ACC
0x
4AD0
0x
4AD4
0x
4AD8
0x
4ADC
0x
4AE0
0x
4AE8
0x
4AEC
0x
4AF0
0x
4AF4
0x
4AF8
0x
4AFC
0x
4B00
0x
4B04
0x
4B08
0x
4B0C
0x
4B10
0x
4B14
0x
4B18
0x
4B1C
0x
4B20
0x
4B24
0x
4B28
0x
4B2C
0x
4B30
0x
4B34
0x
4B38
0x
4B3C
0x
4B40
0x
4B44
0x
4B48
0x
4B4C
0x
4B50
0x
4B54
0x
4B58
0x
4B5C
0x
4B60
0x
4B64
0x
4B68
0x
4B6C
0x
4B70
0x
4B74
0x
4B78
0x
4B7C
0x
4B80
0x
4B84
0x
4B88
0x
4B8C
0x
4B90
0x
4B94
0x
4B98
0x
4B9C
0x
4BA0
0x
4BA4
0x
4BA8
0x
4BAC
0x
4BB0
0x
4BB4
0x
4BB8
0x
4BBC
0x
4BC0
0x
4BC4
0x
4BC8
0x
4BCC
0x
4BD0
0x
4BD4
0x
4BD8
0x
4BDC
0x
4BE0
0x
4BE4
0x
4BE8
0x
4BEC
0x
4BF0
0x
4BF4
0x
4BF8
0x
4BFC
0x
1048
0x
104C
0x
4390
0x
57C
0x
4344
0x
1C74
0x
436C
0x
4384
0x
1C9C
0x
4398
0x
4440
0x
4374
0x
4394
0x
434C
0x
4340
0x
435C
0x
4370
0x
4388
0x
4378
0x
4358
0x
4350
0x
438C
0x
49EC
0x
4C04
0x
4C08
0x
4C0C
0x
4C10
0x
4C14
0x
4C18
0x
4C1C
0x
4C20
0x
4C24
0x
4C28
0x
4C2C
0x
4C30
0x
4C34
0x
4C38
0x
4C3C
0x
4C40
0x
4C44
0x
4C48
0x
4C4C
0x
4C50
0x
4C54
0x
4C58
0x
4C5C
0x
4C60
0x
4C64
0x
4C68
0x
4C6C
0x
4C70
0x
4C74
0x
4C78
0x
4C7C
0x
4C90
0x
4C94
0x
4C98
0x
4C9C
0x
4CA0
0x
4CA4
0x
4CA8
0x
4CAC
0x
4CB0
0x
4CB4
0x
4CB8
0x
4CBC
0x
4CC0
0x
4CC4
0x
4CC8
0x
4CCC
0x
4CD0
0x
4CD4
0x
4CD8
0x
4CDC
0x
4CE0
0x
4CE4
0x
4CE8
0x
4CEC
0x
4CF0
0x
4CF4
0x
4CF8
0x
4CFC
0x
4D00
0x
4D04
0x
4D14
0x
4D18
0x
4D1C
0x
4D20
0x
4D24
0x
4D28
0x
4D2C
0x
4D30
0x
4D34
0x
4D38
0x
4D3C
0x
4D40
0x
4D44
0x
4D48
0x
4D4C
0x
4D50
0x
4D54
0x
4D58
0x
4D5C
0x
4D60
0x
4D64
0x
4D68
0x
4D6C
0x
4D70
0x
4D74
0x
4D78
0x
4D7C
0x
4D80
0x
4D84
0x
4D88
0x
4D8C
0x
4D90
0x
4D94
0x
4D98
0x
4D9C
0x
4DA4
0x
4DA8
0x
4DAC
0x
4DB0
0x
4DB4
0x
4DB8
0x
4DBC
0x
4DC0
0x
4DC4
0x
4DC8
0x
4DCC
0x
4DD0
0x
4DD4
0x
4DD8
0x
4DDC
0x
4DE0
0x
4DE4
0x
4DE8
0x
4DEC
0x
4DF0
0x
4DF4
0x
4DF8
0x
4DFC
0x
4E00
0x
4E04
0x
4E08
0x
4E0C
0x
4E10
0x
4E14
0x
4E18
0x
4E1C
0x
4E20
0x
4E24
0x
4E28
0x
4E2C
0x
4E30
0x
4E34
0x
4E38
0x
4E3C
0x
4E40
0x
4E44
0x
4E48
0x
4E4C
0x
4E50
0x
4E54
0x
4E58
0x
4E5C
0x
4E60
0x
4E64
0x
4E68
0x
4E6C
0x
4E70
0x
4E74
0x
4E78
0x
4E7C
0x
4E80
0x
4E84
0x
4E88
0x
4E8C
0x
4E90
0x
4E94
0x
4E98
0x
4E9C
0x
4EA0
0x
4EA4
0x
4EA8
0x
4EAC
0x
4EB4
0x
4EB8
0x
4EBC
0x
4EC0
0x
4EC4
0x
4EC8
0x
4ECC
0x
4ED0
0x
4ED4
0x
4ED8
0x
4EDC
0x
4EE0
0x
4EE4
0x
4EE8
0x
4EEC
0x
4EF0
0x
4EF4
0x
4EF8
0x
4EFC
0x
4F00
0x
4F04
0x
4F08
0x
4F0C
0x
4F10
0x
4F14
0x
4F18
0x
4F1C
0x
4F20
0x
4F24
0x
4F28
0x
4F2C
0x
4F30
0x
4F34
0x
4F38
0x
4F3C
0x
4F40
0x
4F44
0x
4F4C
0x
4F50
0x
4F54
0x
4F58
0x
4F5C
0x
4F60
0x
4F64
0x
4F68
0x
4F6C
0x
4F70
0x
4F74
0x
4F78
0x
4F7C
0x
4F80
0x
4F84
0x
4F88
0x
4F8C
0x
4F90
0x
4F94
0x
4F98
0x
4F9C
0x
4FA0
0x
4FA4
0x
4FA8
0x
4FAC
0x
4FB0
0x
4FB4
0x
4FB8
0x
4FBC
0x
4FC0
0x
4FC4
0x
4FC8
0x
4FCC
0x
4FD0
0x
4FD4
0x
4FD8
0x
4FDC
0x
4FE0
0x
4FE4
0x
4FE8
0x
4FEC
0x
4FF0
0x
4FF4
0x
4FF8
0x
4FFC
0x
4C8C
0x
4D0C
0x
5004
0x
5008
0x
500C
0x
5010
0x
5014
0x
5018
0x
501C
0x
5020
0x
5024
0x
5028
0x
502C
0x
5030
0x
5034
0x
5038
0x
503C
0x
5040
0x
5044
0x
5048
0x
504C
0x
5050
0x
5054
0x
5058
0x
505C
0x
5060
0x
5064
0x
5068
0x
506C
0x
5070
0x
5074
0x
5078
0x
507C
0x
5080
0x
5084
0x
5088
0x
508C
0x
5090
0x
5094
0x
5098
0x
509C
0x
50A0
0x
50A4
0x
50A8
0x
50AC
0x
50B0
0x
50B4
0x
50B8
0x
50BC
0x
50C0
0x
50C4
0x
50C8
0x
50CC
0x
50D0
0x
50D4
0x
50D8
0x
50DC
0x
50E0
0x
50E4
0x
50E8
0x
50EC
0x
50F0
0x
50F4
0x
50F8
0x
5100
0x
5104
0x
5108
0x
510C
0x
5110
0x
5114
0x
5118
0x
511C
0x
5120
0x
5124
0x
5128
0x
512C
0x
5130
0x
5134
0x
5138
0x
513C
0x
5140
0x
5144
0x
5148
0x
514C
0x
5150
0x
5154
0x
5158
0x
515C
0x
5160
0x
5164
0x
5168
0x
516C
0x
5170
0x
5174
0x
5178
0x
517C
0x
5180
0x
5184
0x
5188
0x
518C
0x
5190
0x
5194
0x
51A0
0x
51A4
0x
51A8
0x
51AC
0x
51B0
0x
51B4
0x
51B8
0x
51BC
0x
51C0
0x
51C4
0x
51C8
0x
51CC
0x
51D0
0x
51D4
0x
51D8
0x
51DC
0x
51E0
0x
51E4
0x
51E8
0x
51EC
0x
51F0
0x
51F4
0x
51F8
0x
51FC
0x
5200
0x
5204
0x
5208
0x
520C
0x
5210
0x
5214
0x
5224
0x
5228
0x
522C
0x
5230
0x
5234
0x
5238
0x
523C
0x
5240
0x
5244
0x
5248
0x
524C
0x
5250
0x
5254
0x
5258
0x
525C
0x
5260
0x
5264
0x
5268
0x
526C
0x
5270
0x
5274
0x
5278
0x
527C
0x
5280
0x
5284
0x
5288
0x
528C
0x
5290
0x
5294
0x
5298
0x
529C
0x
52A0
0x
52A4
0x
52A8
0x
52AC
0x
52B0
0x
52B4
0x
52B8
0x
52BC
0x
52C0
0x
52C4
0x
52C8
0x
52CC
0x
52D0
0x
52D4
0x
52D8
0x
52DC
0x
52E0
0x
52E4
0x
52E8
0x
52EC
0x
52F0
0x
52F4
0x
52F8
0x
52FC
0x
5300
0x
5304
0x
5308
0x
530C
0x
5310
0x
5314
0x
5318
0x
531C
0x
5320
0x
5324
0x
5328
0x
532C
0x
5330
0x
5334
0x
5338
0x
533C
0x
5340
0x
5344
0x
5348
0x
534C
0x
5350
0x
5354
0x
5358
0x
535C
0x
5360
0x
5364
0x
5368
0x
536C
0x
5370
0x
5374
0x
5378
0x
537C
0x
5380
0x
5384
0x
5388
0x
538C
0x
5390
0x
5394
0x
5398
0x
539C
0x
53A0
0x
53A4
0x
53A8
0x
53AC
0x
53B0
0x
53BC
0x
53C0
0x
53C4
0x
53C8
0x
53CC
0x
53D0
0x
53D4
0x
53D8
0x
53DC
0x
53E0
0x
53E4
0x
53E8
0x
53EC
0x
53F0
0x
53F4
0x
53F8
0x
53FC
0x
4878
0x
5404
0x
5408
0x
540C
0x
5410
0x
5414
0x
5418
0x
541C
0x
5420
0x
5424
0x
5428
0x
542C
0x
5430
0x
5434
0x
5438
0x
543C
0x
5440
0x
5444
0x
5448
0x
544C
0x
5450
0x
5454
0x
5458
0x
545C
0x
5460
0x
5464
0x
5468
0x
546C
0x
5470
0x
5474
0x
5478
0x
547C
0x
5480
0x
5484
0x
5488
0x
548C
0x
5490
0x
5494
0x
5498
0x
549C
0x
54A0
0x
54A4
0x
54A8
0x
54AC
0x
54B0
0x
54B4
0x
54C0
0x
54C4
0x
54C8
0x
54CC
0x
54D0
0x
54D4
0x
54D8
0x
54DC
0x
54E0
0x
54E4
0x
54E8
0x
54EC
0x
54F0
0x
54F4
0x
54F8
0x
54FC
0x
5500
0x
5504
0x
5508
0x
550C
0x
5510
0x
5514
0x
5518
0x
551C
0x
5520
0x
5524
0x
5528
0x
552C
0x
5530
0x
5534
0x
5538
0x
553C
0x
5540
0x
5544
0x
5548
0x
554C
0x
5550
0x
5554
0x
5558
0x
555C
0x
5560
0x
5564
0x
5568
0x
556C
0x
5570
0x
5574
0x
5578
0x
557C
0x
5580
0x
5584
0x
5588
0x
558C
0x
5590
0x
5594
0x
5598
0x
559C
0x
55A0
0x
55A4
0x
55A8
0x
55AC
0x
55B0
0x
55B4
0x
55B8
0x
55BC
0x
55C0
0x
55C4
0x
55C8
0x
55CC
0x
55D0
0x
55D4
0x
55D8
0x
55DC
0x
55E0
0x
55E4
0x
55E8
0x
55EC
0x
55F0
0x
55F4
0x
55F8
0x
55FC
0x
5600
0x
5604
0x
5608
0x
560C
0x
5610
0x
5614
0x
5618
0x
561C
0x
5620
0x
5624
0x
5628
0x
562C
0x
5630
0x
5634
0x
5638
0x
563C
0x
5640
0x
5644
0x
564C
0x
5650
0x
5654
0x
5658
0x
565C
0x
5660
0x
5664
0x
5668
0x
566C
0x
5670
0x
5674
0x
5678
0x
567C
0x
5680
0x
5684
0x
5688
0x
568C
0x
5690
0x
5694
0x
5698
0x
569C
0x
56A0
0x
56A4
0x
56A8
0x
56AC
0x
56B0
0x
56B4
0x
56B8
0x
56BC
0x
56C0
0x
56C4
0x
56C8
0x
56D0
0x
56D4
0x
56D8
0x
56DC
0x
56E0
0x
56E4
0x
56E8
0x
56EC
0x
56F0
0x
56F4
0x
56F8
0x
56FC
0x
5700
0x
5704
0x
5708
0x
570C
0x
5710
0x
5714
0x
5718
0x
571C
0x
5720
0x
5724
0x
5728
0x
572C
0x
5730
0x
5734
0x
5738
0x
573C
0x
5740
0x
5744
0x
5748
0x
574C
0x
5750
0x
5754
0x
5758
0x
575C
0x
5760
0x
5764
0x
5768
0x
576C
0x
5770
0x
5774
0x
5778
0x
577C
0x
5780
0x
5784
0x
5788
0x
578C
0x
5790
0x
5794
0x
5798
0x
579C
0x
57A0
0x
57A4
0x
57A8
0x
57AC
0x
57B0
0x
57B4
0x
57B8
0x
57F8
0x
57FC
0x
10B4
0x
486C
0x
53B8
0x
5648
0x
4348
0x
54BC
0x
56CC
0x
4C84
0x
4EB0
0x
521C
0x
50FC
0x
5220
0x
4F48
0x
519C
0x
5198
0x
4D10
0x
5218
0x
4DA0
0x
5804
0x
5808
0x
580C
0x
5810
0x
5814
0x
5818
0x
581C
0x
5820
0x
5824
0x
5828
0x
582C
0x
5830
0x
5834
0x
5838
0x
583C
0x
5840
0x
5844
0x
5848
0x
584C
0x
5850
0x
5854
0x
5858
0x
585C
0x
5860
0x
5864
0x
5868
0x
586C
0x
5870
0x
5874
0x
5878
0x
587C
0x
5880
0x
5884
0x
5888
0x
588C
0x
5890
0x
5894
0x
5898
0x
589C
0x
58A0
0x
58A4
0x
58B4
0x
58B8
0x
58BC
0x
58C0
0x
58C4
0x
58C8
0x
58CC
0x
58D0
0x
58D4
0x
58D8
0x
58DC
0x
58E0
0x
58E4
0x
58E8
0x
58EC
0x
58F0
0x
58F4
0x
58F8
0x
58FC
0x
5900
0x
5904
0x
5908
0x
590C
0x
5910
0x
5914
0x
5918
0x
591C
0x
5920
0x
5924
0x
5928
0x
592C
0x
5930
0x
5934
0x
5954
0x
5958
0x
595C
0x
5960
0x
5964
0x
5968
0x
596C
0x
5970
0x
5974
0x
5978
0x
597C
0x
5980
0x
5984
0x
5988
0x
598C
0x
5990
0x
5994
0x
5998
0x
599C
0x
59A0
0x
59A4
0x
59A8
0x
59AC
0x
59B0
0x
59B4
0x
59B8
0x
59BC
0x
59C0
0x
59C4
0x
59C8
0x
59CC
0x
59D0
0x
59D4
0x
59D8
0x
59DC
0x
59E0
0x
59E4
0x
59E8
0x
59EC
0x
59F0
0x
59F4
0x
59F8
0x
59FC
0x
5A00
0x
5A04
0x
5A08
0x
5A0C
0x
5A10
0x
5A14
0x
5A18
0x
5A1C
0x
5A20
0x
5A24
0x
5A28
0x
5A2C
0x
5A30
0x
5A34
0x
5A38
0x
5A3C
0x
5A40
0x
5A44
0x
5A48
0x
5A4C
0x
5A50
0x
5A54
0x
5A58
0x
5A5C
0x
5A60
0x
5A64
0x
5A68
0x
5A6C
0x
5A70
0x
5A74
0x
5A78
0x
5A7C
0x
5A80
0x
5A84
0x
5A88
0x
5A8C
0x
5A90
0x
5A94
0x
5A98
0x
5A9C
0x
5AA0
0x
5AA4
0x
5AA8
0x
5AAC
0x
5AB0
0x
5AB4
0x
5AB8
0x
5ABC
0x
5AC0
0x
5AC4
0x
5AC8
0x
5ACC
0x
5AD0
0x
5AD4
0x
5AD8
0x
5ADC
0x
5AE0
0x
5AE4
0x
5AE8
0x
5AEC
0x
5AF0
0x
5AF4
0x
5AF8
0x
5AFC
0x
5B00
0x
5B04
0x
5B08
0x
5B0C
0x
5B10
0x
5B14
0x
5B18
0x
5B1C
0x
5B20
0x
5B24
0x
5B28
0x
5B2C
0x
5B30
0x
5B34
0x
5B38
0x
5B3C
0x
5B40
0x
5B44
0x
5B48
0x
5B4C
0x
5B50
0x
5B54
0x
5B58
0x
5B5C
0x
5B60
0x
5B64
0x
5B68
0x
5B6C
0x
5B70
0x
5B74
0x
5B78
0x
5B7C
0x
5B80
0x
5B84
0x
5B88
0x
5B8C
0x
5B90
0x
5B94
0x
5B98
0x
5B9C
0x
5BA0
0x
5BA4
0x
5BA8
0x
5BAC
0x
5BB0
0x
5BB4
0x
5BB8
0x
5BBC
0x
5BC0
0x
5BC4
0x
5BC8
0x
5BCC
0x
5BD0
0x
5BD4
0x
5BD8
0x
5BDC
0x
5BE0
0x
5BE4
0x
5BE8
0x
5BEC
0x
5BF0
0x
5BF4
0x
5BF8
0x
5BFC
0x
5C04
0x
5C08
0x
5C0C
0x
5C10
0x
5C14
0x
5C18
0x
5C1C
0x
5C20
0x
5C24
0x
5C28
0x
5C2C
0x
5C30
0x
5C34
0x
5C38
0x
5C3C
0x
5C40
0x
5C44
0x
5C48
0x
5C4C
0x
5C50
0x
5C54
0x
5C5C
0x
5C58
0x
5C60
0x
5C64
0x
5C68
0x
5C6C
0x
5C70
0x
5C74
0x
5C78
0x
5C7C
0x
5C80
0x
5C84
0x
5C88
0x
5C8C
0x
5C90
0x
5C94
0x
5C98
0x
5C9C
0x
5CA0
0x
5CA4
0x
5CA8
0x
5CAC
0x
5CB0
0x
5CB4
0x
5CB8
0x
5CBC
0x
5CC0
0x
5CC4
0x
5CC8
0x
5CCC
0x
5CD0
0x
5CD4
0x
5CD8
0x
5CDC
0x
5CE0
0x
5CE4
0x
5CE8
0x
5CEC
0x
5CF0
0x
5CF4
0x
5CF8
0x
5CFC
0x
5D00
0x
5D04
0x
5D08
0x
5D0C
0x
5D10
0x
5D14
0x
5D18
0x
5D1C
0x
5D20
0x
5D24
0x
5D28
0x
5D2C
0x
5D30
0x
5D34
0x
5D38
0x
5D3C
0x
5D40
0x
5D44
0x
5D48
0x
5D4C
0x
5D50
0x
5D54
0x
5D58
0x
5D5C
0x
5D60
0x
5D64
0x
5D68
0x
5D6C
0x
5D70
0x
5D74
0x
5D78
0x
5D7C
0x
5D80
0x
5D84
0x
5D88
0x
5D8C
0x
5D90
0x
5D94
0x
5D98
0x
5D9C
0x
5DA0
0x
5DA4
0x
5DA8
0x
5DB4
0x
5DB8
0x
5DBC
0x
5DC0
0x
5DC4
0x
5DC8
0x
5DCC
0x
5DD0
0x
5DD4
0x
5DD8
0x
5DDC
0x
5DE0
0x
5DE4
0x
5DE8
0x
5DEC
0x
5DF0
0x
5DF4
0x
5DF8
0x
5DFC
0x
5E00
0x
5E04
0x
5E08
0x
5E0C
0x
5E10
0x
5E14
0x
5E18
0x
5E1C
0x
5E20
0x
5E24
0x
5E28
0x
5E2C
0x
5E30
0x
5E34
0x
5E38
0x
5E3C
0x
5E40
0x
5E44
0x
5E48
0x
5E4C
0x
5E50
0x
5E54
0x
5E58
0x
5E5C
0x
5E60
0x
5E64
0x
5E68
0x
5E6C
0x
5E70
0x
5E74
0x
5E78
0x
5E7C
0x
5E80
0x
5E84
0x
5E88
0x
5E8C
0x
5E90
0x
5E94
0x
5E98
0x
5E9C
0x
5EA0
0x
5EA4
0x
5EA8
0x
5EAC
0x
5EB0
0x
5EB4
0x
5EB8
0x
5EBC
0x
5EC0
0x
5EC4
0x
5EC8
0x
5ECC
0x
5ED0
0x
5ED4
0x
5ED8
0x
5EDC
0x
5EE0
0x
5EE4
0x
5EE8
0x
5EEC
0x
5EF0
0x
5EF4
0x
5EF8
0x
5EFC
0x
5F00
0x
5F04
0x
5F08
0x
5F0C
0x
5F10
0x
5F14
0x
5F18
0x
5F1C
0x
5F20
0x
5F24
0x
5F28
0x
5F2C
0x
5F30
0x
5F34
0x
5F38
0x
5F3C
0x
5F40
0x
5F44
0x
5F48
0x
5F4C
0x
5F50
0x
5F54
0x
5F58
0x
5F5C
0x
5F60
0x
5F64
0x
5F68
0x
5F6C
0x
5F70
0x
5F74
0x
5F78
0x
5F7C
0x
5F80
0x
5F84
0x
5F88
0x
5F8C
0x
5F90
0x
5F94
0x
5F98
0x
5F9C
0x
5FA0
0x
5FA4
0x
5FA8
0x
5FAC
0x
5FB0
0x
5FB4
0x
5FB8
0x
5FBC
0x
5FC0
0x
5FC4
0x
5FC8
0x
5FCC
0x
5FD0
0x
5FD4
0x
5FD8
0x
5FDC
0x
5FE0
0x
5FE4
0x
5FE8
0x
5FEC
0x
5FF0
0x
5FF4
0x
5FF8
0x
5FFC
0x
53B4
0x
54B8
0x
437C
0x
4C80
0x
4C88
0x
4D08
0x
57E0
0x
57DC
0x
57D8
0x
4AAC
0x
4A14
0x
4360
0x
57D0
0x
4380
0x
6004
0x
6008
0x
600C
0x
6010
0x
6014
0x
6018
0x
601C
0x
6020
0x
6024
0x
6028
0x
602C
0x
6030
0x
6034
0x
6038
0x
603C
0x
6040
0x
6044
0x
6048
0x
604C
0x
6050
0x
6054
0x
6058
0x
605C
0x
6060
0x
6064
0x
6068
0x
606C
0x
6070
0x
6074
0x
6078
0x
607C
0x
6080
0x
6084
0x
6088
0x
608C
0x
6090
0x
6094
0x
6098
0x
609C
0x
60A0
0x
60A4
0x
60A8
0x
60AC
0x
60B0
0x
60B4
0x
60B8
0x
60BC
0x
60C0
0x
60C4
0x
60C8
0x
60CC
0x
60D0
0x
60D4
0x
60D8
0x
60DC
0x
60E0
0x
60E4
0x
60E8
0x
60EC
0x
60F0
0x
60F4
0x
60F8
0x
60FC
0x
6100
0x
6104
0x
6108
0x
610C
0x
6110
0x
6114
0x
6118
0x
611C
0x
6120
0x
6124
0x
6128
0x
612C
0x
6130
0x
6134
0x
6138
0x
613C
0x
6140
0x
6144
0x
6148
0x
614C
0x
6150
0x
6154
0x
6158
0x
615C
0x
6160
0x
6164
0x
6168
0x
616C
0x
6170
0x
6174
0x
6178
0x
617C
0x
6180
0x
6184
0x
6188
0x
618C
0x
6190
0x
6194
0x
6198
0x
619C
0x
61A0
0x
61A4
0x
61A8
0x
61AC
0x
61B0
0x
61BC
0x
61C0
0x
61C4
0x
61C8
0x
61CC
0x
61D0
0x
61D4
0x
61D8
0x
61DC
0x
61E0
0x
61E4
0x
61E8
0x
61EC
0x
61F0
0x
61F4
0x
61F8
0x
61FC
0x
6200
0x
6204
0x
6208
0x
620C
0x
6210
0x
6214
0x
6218
0x
621C
0x
6220
0x
6224
0x
6228
0x
622C
0x
6230
0x
6234
0x
6238
0x
623C
0x
6240
0x
6244
0x
6250
0x
6254
0x
6258
0x
625C
0x
6260
0x
6264
0x
6268
0x
626C
0x
6270
0x
6274
0x
6278
0x
627C
0x
6280
0x
6284
0x
6288
0x
628C
0x
6290
0x
6294
0x
6298
0x
629C
0x
62A0
0x
62A4
0x
62A8
0x
62AC
0x
62B0
0x
62B4
0x
62B8
0x
62BC
0x
62C0
0x
62C4
0x
62C8
0x
62CC
0x
62D0
0x
62D4
0x
62D8
0x
62DC
0x
62E0
0x
62F0
0x
62F4
0x
62F8
0x
62FC
0x
6300
0x
6304
0x
6308
0x
630C
0x
6310
0x
6314
0x
6318
0x
631C
0x
6320
0x
6324
0x
6328
0x
632C
0x
6330
0x
6334
0x
6338
0x
633C
0x
6340
0x
6344
0x
6348
0x
634C
0x
6350
0x
6354
0x
6358
0x
635C
0x
6360
0x
6364
0x
6368
0x
636C
0x
6370
0x
6374
0x
6380
0x
6384
0x
6388
0x
638C
0x
6390
0x
6394
0x
6398
0x
639C
0x
63A0
0x
63A4
0x
63A8
0x
63AC
0x
63B0
0x
63B4
0x
63B8
0x
63BC
0x
63C0
0x
63C4
0x
63C8
0x
63CC
0x
63D0
0x
63D4
0x
63D8
0x
63DC
0x
63E0
0x
63E4
0x
63EC
0x
63F0
0x
63F4
0x
63F8
0x
63FC
0x
491C
0x
4918
0x
4AE4
0x
4A10
0x
49E8
0x
6404
0x
6408
0x
640C
0x
6410
0x
6414
0x
6418
0x
641C
0x
6420
0x
6424
0x
6428
0x
642C
0x
6430
0x
6434
0x
6438
0x
643C
0x
6440
0x
6444
0x
6448
0x
644C
0x
6450
0x
6454
0x
6458
0x
645C
0x
6464
0x
6468
0x
646C
0x
6470
0x
6474
0x
6478
0x
647C
0x
6480
0x
6484
0x
6488
0x
648C
0x
6490
0x
6494
0x
6498
0x
649C
0x
64A0
0x
64A4
0x
64A8
0x
64AC
0x
64B0
0x
64B4
0x
64B8
0x
64BC
0x
64C0
0x
64C4
0x
64C8
0x
64CC
0x
64D0
0x
64D4
0x
64D8
0x
64DC
0x
64E0
0x
64E4
0x
64E8
0x
64EC
0x
64F0
0x
64F4
0x
64FC
0x
6500
0x
6504
0x
6508
0x
650C
0x
6510
0x
6514
0x
6518
0x
651C
0x
6520
0x
6524
0x
6528
0x
652C
0x
6530
0x
6534
0x
6538
0x
653C
0x
6540
0x
6544
0x
6548
0x
654C
0x
6550
0x
6554
0x
6558
0x
655C
0x
6560
0x
6564
0x
6568
0x
656C
0x
6570
0x
6574
0x
6578
0x
657C
0x
6590
0x
6594
0x
6598
0x
659C
0x
65A0
0x
65A4
0x
65A8
0x
65AC
0x
65B0
0x
65B4
0x
65B8
0x
65BC
0x
65C0
0x
65C4
0x
65C8
0x
65CC
0x
65D0
0x
65D4
0x
65D8
0x
65DC
0x
65E0
0x
65E4
0x
65E8
0x
65EC
0x
65F0
0x
65F4
0x
65F8
0x
65FC
0x
6600
0x
6604
0x
6608
0x
660C
0x
6610
0x
6618
0x
661C
0x
6620
0x
6624
0x
6628
0x
662C
0x
6630
0x
6634
0x
6638
0x
663C
0x
6640
0x
6644
0x
6648
0x
664C
0x
6650
0x
6654
0x
6658
0x
665C
0x
6660
0x
6664
0x
6668
0x
666C
0x
6670
0x
6674
0x
6678
0x
667C
0x
6680
0x
6684
0x
6688
0x
668C
0x
6690
0x
6694
0x
6698
0x
66A0
0x
66A4
0x
66A8
0x
66AC
0x
66B0
0x
66B4
0x
66B8
0x
66BC
0x
66C0
0x
66C4
0x
66C8
0x
66CC
0x
66D0
0x
66D4
0x
66D8
0x
66DC
0x
66E0
0x
66E4
0x
66E8
0x
66EC
0x
66F0
0x
66F4
0x
66F8
0x
66FC
0x
6700
0x
6704
0x
6708
0x
670C
0x
6710
0x
6714
0x
6718
0x
671C
0x
6720
0x
6724
0x
6728
0x
672C
0x
6730
0x
6734
0x
6738
0x
673C
0x
6740
0x
6744
0x
6748
0x
674C
0x
6750
0x
6754
0x
6758
0x
675C
0x
6760
0x
6764
0x
6768
0x
676C
0x
6770
0x
6774
0x
6778
0x
677C
0x
6780
0x
6784
0x
6788
0x
678C
0x
6790
0x
6794
0x
6798
0x
679C
0x
67A0
0x
67A4
0x
67A8
0x
67AC
0x
67B0
0x
67B4
0x
67B8
0x
67BC
0x
67C0
0x
67C4
0x
67C8
0x
67DC
0x
67E0
0x
67E4
0x
67E8
0x
67EC
0x
67F0
0x
67F4
0x
67F8
0x
67FC
0x
62EC
0x
6378
0x
5C5C
0x
20E0
0x
6804
0x
6808
0x
680C
0x
6810
0x
6814
0x
6818
0x
681C
0x
6820
0x
6824
0x
6828
0x
682C
0x
6830
0x
6834
0x
6838
0x
683C
0x
6840
0x
6844
0x
6848
0x
684C
0x
6850
0x
6854
0x
6858
0x
685C
0x
6860
0x
6864
0x
6868
0x
686C
0x
6870
0x
6874
0x
6878
0x
687C
0x
6880
0x
6884
0x
6888
0x
688C
0x
6890
0x
6894
0x
6898
0x
689C
0x
68A0
0x
68A4
0x
68A8
0x
68AC
0x
68B0
0x
68B4
0x
68B8
0x
68BC
0x
68C0
0x
68C4
0x
68C8
0x
68CC
0x
68D0
0x
68D4
0x
68D8
0x
68DC
0x
68E0
0x
68E4
0x
68E8
0x
68EC
0x
68F0
0x
68F4
0x
68F8
0x
68FC
0x
6900
0x
6904
0x
6908
0x
690C
0x
6910
0x
6914
0x
6918
0x
6920
0x
6924
0x
6928
0x
692C
0x
6930
0x
6934
0x
6938
0x
693C
0x
6940
0x
6944
0x
6948
0x
694C
0x
6950
0x
6954
0x
6958
0x
695C
0x
6960
0x
6964
0x
6968
0x
696C
0x
6970
0x
6974
0x
6978
0x
697C
0x
6980
0x
6984
0x
6988
0x
698C
0x
6990
0x
6994
0x
6998
0x
699C
0x
69A0
0x
69A4
0x
69B0
0x
69B4
0x
69B8
0x
69BC
0x
69C0
0x
69C4
0x
69C8
0x
69CC
0x
69D0
0x
69D4
0x
69D8
0x
69DC
0x
69E0
0x
69E4
0x
69E8
0x
69EC
0x
69F0
0x
69F4
0x
69F8
0x
69FC
0x
6A00
0x
6A04
0x
6A08
0x
6A0C
0x
6A10
0x
6A14
0x
6A18
0x
6A1C
0x
6A20
0x
6A24
0x
6A28
0x
6A2C
0x
6A30
0x
6A34
0x
6A38
0x
6A3C
0x
6A40
0x
6A44
0x
6A48
0x
6A4C
0x
6A50
0x
6A54
0x
6A58
0x
6A5C
0x
6A60
0x
6A64
0x
6A68
0x
6A6C
0x
6A70
0x
6A74
0x
6A78
0x
6A7C
0x
6A80
0x
6A84
0x
6A88
0x
6A8C
0x
6A90
0x
6A94
0x
6A98
0x
6A9C
0x
6AA0
0x
6AA4
0x
6AA8
0x
6AAC
0x
6AB0
0x
6AB4
0x
6AB8
0x
6ABC
0x
6AC0
0x
6AC4
0x
6AC8
0x
6ACC
0x
6AD0
0x
6AD4
0x
6AD8
0x
6ADC
0x
6AE0
0x
6AE4
0x
6AE8
0x
6AEC
0x
6AF0
0x
6AF4
0x
6AF8
0x
6AFC
0x
6B00
0x
6B04
0x
6B08
0x
6B0C
0x
6B10
0x
6B14
0x
6B18
0x
6B1C
0x
6B20
0x
6B24
0x
6B28
0x
6B2C
0x
6B30
0x
6B34
0x
6B38
0x
6B3C
0x
6B40
0x
6B44
0x
6B48
0x
6B4C
0x
6B50
0x
6B54
0x
6B58
0x
6B5C
0x
6B60
0x
6B64
0x
6B68
0x
6B6C
0x
6B70
0x
6B74
0x
6B78
0x
6B7C
0x
6B80
0x
6B84
0x
6B88
0x
6B8C
0x
6B90
0x
6B94
0x
6B98
0x
6B9C
0x
6BA0
0x
6BA4
0x
6BA8
0x
6BAC
0x
6BB0
0x
6BB4
0x
6BB8
0x
6BBC
0x
6BC0
0x
6BC4
0x
6BC8
0x
6BCC
0x
6BD0
0x
6BD4
0x
6BD8
0x
6BDC
0x
6BE0
0x
6BE4
0x
6BE8
0x
6BEC
0x
6BF0
0x
6BF4
0x
6BF8
0x
6BFC
0x
5CEC
0x
2184
0x
57E8
0x
6C04
0x
6C48
0x
6C4C
0x
6C7C
0x
6C80
0x
6C84
0x
6C88
0x
6C8C
0x
6C90
0x
6C94
0x
6C98
0x
6C9C
0x
6CA0
0x
6CA4
0x
6CA8
0x
6CAC
0x
6CB0
0x
6CB4
0x
6CB8
0x
6CBC
0x
6CC0
0x
6CC4
0x
6CC8
0x
6CCC
0x
6CD4
0x
6CD8
0x
6CDC
0x
6CE0
0x
6CE4
0x
6CE8
0x
6CEC
0x
6CF0
0x
6CF4
0x
6CF8
0x
6CFC
0x
6D04
0x
6D08
0x
6D0C
0x
6D10
0x
6D14
0x
6D18
0x
6D1C
0x
6D20
0x
6D24
0x
6D28
0x
6D2C
0x
6D30
0x
6D34
0x
6D38
0x
6D3C
0x
6D40
0x
6D44
0x
6D48
0x
6D4C
0x
6D50
0x
6D54
0x
6D58
0x
6D5C
0x
6D60
0x
6D64
0x
6D68
0x
6D6C
0x
6D70
0x
6D74
0x
6D78
0x
6D7C
0x
6D80
0x
6D84
0x
6D88
0x
6D8C
0x
6D90
0x
6D94
0x
6D98
0x
6D9C
0x
6DA0
0x
6DA4
0x
6DA8
0x
6DAC
0x
6DB0
0x
6DB4
0x
6DB8
0x
6DBC
0x
6DC0
0x
6DC4
0x
6DC8
0x
6DCC
0x
6DD0
0x
6DD4
0x
6DD8
0x
6DDC
0x
6DE0
0x
6DE4
0x
6DE8
0x
6DEC
0x
6DF0
0x
6DF4
0x
6DF8
0x
6DFC
0x
6E08
0x
6E0C
0x
6E10
0x
6E14
0x
6E18
0x
6E1C
0x
6E20
0x
6E24
0x
6E28
0x
6E2C
0x
6E30
0x
6E34
0x
6E38
0x
6E3C
0x
6E40
0x
6E4C
0x
6E50
0x
6E54
0x
6E58
0x
6E5C
0x
6E60
0x
6E64
0x
6E68
0x
6E6C
0x
6E70
0x
6E74
0x
6E78
0x
6E7C
0x
6E80
0x
6E84
0x
6E88
0x
6E8C
0x
6E90
0x
6E94
0x
6E98
0x
6E9C
0x
6EA0
0x
6EA4
0x
6EA8
0x
6EAC
0x
6EB0
0x
6EB4
0x
6EB8
0x
6EBC
0x
6EC0
0x
6EC4
0x
6EC8
0x
6ECC
0x
6ED0
0x
6ED4
0x
6ED8
0x
6EDC
0x
6EE0
0x
6EE4
0x
6EE8
0x
6EEC
0x
6EF0
0x
6EF4
0x
6EF8
0x
6EFC
0x
6F00
0x
6F04
0x
6F08
0x
6F0C
0x
6F10
0x
6F14
0x
6F18
0x
6F1C
0x
6F20
0x
6F24
0x
6F28
0x
6F2C
0x
6F30
0x
6F34
0x
6F38
0x
6F3C
0x
6F44
0x
6F48
0x
6F4C
0x
6F50
0x
6F54
0x
6F58
0x
6F5C
0x
6F60
0x
6F64
0x
6F68
0x
6F6C
0x
6F70
0x
6F74
0x
6F78
0x
6F7C
0x
6F80
0x
6F84
0x
6F88
0x
6F8C
0x
6F90
0x
6F94
0x
6F98
0x
6F9C
0x
6FA0
0x
6FA4
0x
6FA8
0x
6FAC
0x
6FB0
0x
6FB4
0x
6FBC
0x
6FC0
0x
6FC4
0x
6FC8
0x
6FCC
0x
6FD0
0x
6FD4
0x
6FD8
0x
6FDC
0x
6FE0
0x
6FE4
0x
6FE8
0x
6FEC
0x
6FF0
0x
6FF4
0x
6FF8
0x
6FFC
0x
FEC
0x
67D0
0x
691C
0x
61B8
0x
67D8
0x
67CC
0x
69A8
0x
67D4
0x
624C
0x
6460
0x
6614
0x
6580
0x
669C
0x
64F8
0x
61B4
0x
6588
0x
6584
0x
637C
0x
658C
0x
63E8
0x
6248
0x
62E8
0x
62E4
0x
1494
0x
2260
0x
6C68
0x
6C70
0x
6C48
0x
7004
0x
7008
0x
700C
0x
7010
0x
7014
0x
7018
0x
701C
0x
7020
0x
7024
0x
7028
0x
702C
0x
7030
0x
7034
0x
7038
0x
703C
0x
7040
0x
7044
0x
7048
0x
704C
0x
7050
0x
7054
0x
7060
0x
7064
0x
7068
0x
706C
0x
7070
0x
7074
0x
7078
0x
707C
0x
7080
0x
7084
0x
7088
0x
708C
0x
7090
0x
7094
0x
7098
0x
70A4
0x
70A8
0x
70AC
0x
70B0
0x
70B4
0x
70B8
0x
70BC
0x
70C0
0x
70C4
0x
70C8
0x
70CC
0x
70D0
0x
70D4
0x
70D8
0x
70DC
0x
70E0
0x
70E4
0x
70E8
0x
70EC
0x
70F0
0x
70F4
0x
70F8
0x
70FC
0x
7100
0x
7104
0x
7108
0x
710C
0x
7110
0x
7114
0x
7118
0x
711C
0x
7120
0x
7124
0x
7128
0x
712C
0x
7130
0x
7134
0x
7138
0x
713C
0x
7140
0x
7144
0x
7148
0x
714C
0x
7150
0x
7154
0x
7158
0x
715C
0x
7160
0x
7164
0x
7168
0x
716C
0x
7170
0x
7174
0x
7178
0x
717C
0x
7180
0x
7184
0x
7188
0x
718C
0x
7190
0x
7194
0x
7198
0x
719C
0x
71A0
0x
71A4
0x
71A8
0x
71AC
0x
71B0
0x
71B4
0x
71B8
0x
71BC
0x
71C0
0x
71C4
0x
71C8
0x
71CC
0x
71D0
0x
71D4
0x
71D8
0x
71DC
0x
71E0
0x
71E4
0x
71E8
0x
71EC
0x
71F0
0x
71F4
0x
71F8
0x
71FC
0x
7200
0x
7204
0x
7208
0x
7210
0x
7214
0x
7218
0x
721C
0x
7220
0x
7224
0x
7228
0x
722C
0x
7230
0x
7234
0x
7238
0x
723C
0x
7240
0x
7244
0x
7248
0x
724C
0x
7250
0x
7254
0x
7258
0x
725C
0x
7260
0x
7264
0x
7268
0x
726C
0x
7270
0x
7274
0x
7278
0x
727C
0x
7280
0x
7284
0x
7290
0x
7294
0x
7298
0x
729C
0x
72A0
0x
72A4
0x
72A8
0x
72AC
0x
72B0
0x
72B4
0x
72B8
0x
72BC
0x
72C0
0x
72C4
0x
72C8
0x
72CC
0x
72D0
0x
72D4
0x
72D8
0x
72DC
0x
72E0
0x
72E4
0x
72E8
0x
72EC
0x
72F0
0x
72F4
0x
72F8
0x
72FC
0x
7300
0x
7304
0x
7308
0x
730C
0x
7310
0x
7314
0x
7318
0x
731C
0x
7320
0x
7324
0x
7328
0x
732C
0x
7330
0x
7334
0x
7338
0x
733C
0x
7340
0x
7344
0x
7348
0x
734C
0x
7350
0x
7354
0x
7358
0x
735C
0x
7360
0x
7364
0x
7368
0x
736C
0x
7370
0x
7374
0x
7378
0x
737C
0x
7380
0x
7384
0x
7388
0x
738C
0x
7390
0x
7394
0x
7398
0x
739C
0x
73A0
0x
73A4
0x
73A8
0x
73AC
0x
73B0
0x
73B4
0x
73B8
0x
73BC
0x
73C0
0x
73C4
0x
73C8
0x
73CC
0x
73D0
0x
73D4
0x
73D8
0x
73DC
0x
73E0
0x
73E4
0x
73E8
0x
73EC
0x
73F0
0x
73F4
0x
73F8
0x
73FC
0x
6C4C
0x
7404
0x
7408
0x
740C
0x
7410
0x
7414
0x
7418
0x
741C
0x
7420
0x
7424
0x
7428
0x
742C
0x
7430
0x
7434
0x
7438
0x
743C
0x
7440
0x
7444
0x
7448
0x
744C
0x
7450
0x
7454
0x
7458
0x
745C
0x
7460
0x
7464
0x
7468
0x
746C
0x
7470
0x
7474
0x
7478
0x
747C
0x
7480
0x
7484
0x
7488
0x
748C
0x
7490
0x
7494
0x
749C
0x
74A0
0x
74A4
0x
74A8
0x
74AC
0x
74B0
0x
74B4
0x
74B8
0x
74BC
0x
74C0
0x
74C4
0x
74C8
0x
74CC
0x
74D0
0x
74D4
0x
74D8
0x
74DC
0x
74E0
0x
74E4
0x
74E8
0x
74EC
0x
74F0
0x
74F4
0x
74F8
0x
74FC
0x
7500
0x
7504
0x
7508
0x
750C
0x
7510
0x
7514
0x
7518
0x
751C
0x
7520
0x
7528
0x
752C
0x
7530
0x
7534
0x
7538
0x
753C
0x
7540
0x
7544
0x
7548
0x
754C
0x
7550
0x
7554
0x
7558
0x
755C
0x
7560
0x
7564
0x
7568
0x
756C
0x
7570
0x
7574
0x
7578
0x
757C
0x
7580
0x
7584
0x
7588
0x
758C
0x
7590
0x
7594
0x
7598
0x
759C
0x
75A0
0x
75A4
0x
75A8
0x
75AC
0x
75B0
0x
75B4
0x
75B8
0x
75BC
0x
75C0
0x
75C4
0x
75C8
0x
75CC
0x
75D0
0x
75D4
0x
75D8
0x
75DC
0x
75E0
0x
75E4
0x
75E8
0x
75EC
0x
75F0
0x
75F4
0x
7600
0x
7604
0x
7608
0x
760C
0x
7610
0x
7614
0x
7618
0x
761C
0x
7620
0x
7624
0x
7628
0x
762C
0x
7630
0x
7634
0x
7638
0x
763C
0x
7640
0x
7644
0x
7648
0x
764C
0x
7650
0x
7654
0x
7658
0x
765C
0x
7660
0x
7664
0x
7668
0x
766C
0x
7670
0x
7674
0x
7678
0x
767C
0x
7680
0x
7684
0x
7688
0x
768C
0x
7690
0x
7694
0x
7698
0x
769C
0x
76A0
0x
76A4
0x
76A8
0x
76AC
0x
76B0
0x
76B4
0x
76B8
0x
76BC
0x
76C0
0x
76C4
0x
76C8
0x
76CC
0x
76D0
0x
76D4
0x
76D8
0x
76DC
0x
76E0
0x
76E4
0x
76E8
0x
76EC
0x
76F0
0x
76F4
0x
76F8
0x
76FC
0x
7700
0x
7704
0x
7708
0x
770C
0x
7710
0x
7714
0x
7718
0x
771C
0x
7720
0x
7724
0x
7728
0x
772C
0x
7730
0x
7734
0x
7738
0x
773C
0x
7740
0x
7744
0x
7748
0x
774C
0x
7750
0x
7754
0x
7758
0x
775C
0x
7760
0x
7764
0x
7768
0x
776C
0x
7770
0x
7774
0x
7778
0x
777C
0x
7780
0x
7784
0x
7788
0x
778C
0x
7790
0x
7794
0x
7798
0x
779C
0x
77A0
0x
77A4
0x
77A8
0x
77AC
0x
77B0
0x
77B4
0x
77B8
0x
77BC
0x
77C0
0x
77C4
0x
77C8
0x
77CC
0x
77D0
0x
77D4
0x
77D8
0x
77DC
0x
77E0
0x
77E4
0x
77E8
0x
77EC
0x
77F0
0x
77F4
0x
77F8
0x
77FC
0x
58A8
0x
57D4
0x
58AC
0x
44F8
0x
7498
0x
69AC
0x
7804
0x
7808
0x
780C
0x
7810
0x
7814
0x
7818
0x
781C
0x
7820
0x
7824
0x
7828
0x
782C
0x
7830
0x
7834
0x
7838
0x
783C
0x
7840
0x
7844
0x
7848
0x
784C
0x
7850
0x
7854
0x
7858
0x
785C
0x
7860
0x
7864
0x
7868
0x
786C
0x
7870
0x
7874
0x
7878
0x
787C
0x
7880
0x
7884
0x
7888
0x
788C
0x
7890
0x
7894
0x
7898
0x
789C
0x
78A0
0x
78A4
0x
78A8
0x
78AC
0x
78B0
0x
78B4
0x
78B8
0x
78BC
0x
78C0
0x
78C4
0x
78C8
0x
78CC
0x
78D0
0x
78D4
0x
78D8
0x
78DC
0x
78E0
0x
78E4
0x
78E8
0x
78EC
0x
78F0
0x
78F4
0x
78F8
0x
78FC
0x
7900
0x
7904
0x
7908
0x
790C
0x
7910
0x
7914
0x
7918
0x
791C
0x
7920
0x
7924
0x
7928
0x
792C
0x
7930
0x
7934
0x
7938
0x
793C
0x
7940
0x
7944
0x
7948
0x
794C
0x
7950
0x
7954
0x
7958
0x
795C
0x
7960
0x
7964
0x
7968
0x
796C
0x
7970
0x
7974
0x
7978
0x
797C
0x
7980
0x
7984
0x
798C
0x
7990
0x
799C
0x
79A0
0x
79A4
0x
79A8
0x
79AC
0x
79B0
0x
79B4
0x
79B8
0x
79BC
0x
79C0
0x
79C4
0x
79C8
0x
79CC
0x
79D0
0x
79D4
0x
79D8
0x
79DC
0x
79E0
0x
79E4
0x
79E8
0x
79EC
0x
79F0
0x
79F4
0x
79F8
0x
79FC
0x
7A00
0x
7A04
0x
7A08
0x
7A0C
0x
7A10
0x
7A14
0x
7A18
0x
7A1C
0x
7A20
0x
7A24
0x
7A28
0x
7A2C
0x
7A30
0x
7A34
0x
7A38
0x
7A3C
0x
7A40
0x
7A44
0x
7A48
0x
7A4C
0x
7A50
0x
7A54
0x
7A58
0x
7A5C
0x
7A60
0x
7A64
0x
7A68
0x
7A6C
0x
7A70
0x
7A74
0x
7A78
0x
7A7C
0x
7A80
0x
7A84
0x
7A88
0x
7A8C
0x
7A90
0x
7A94
0x
7A98
0x
7A9C
0x
7AA8
0x
7AAC
0x
7AB0
0x
7AB4
0x
7AB8
0x
7ABC
0x
7AC0
0x
7AC4
0x
7ACC
0x
7AD0
0x
7AD4
0x
7AD8
0x
7ADC
0x
7AE0
0x
7AE4
0x
7AE8
0x
7AEC
0x
7AF0
0x
7AF4
0x
7AF8
0x
7AFC
0x
7B00
0x
7B04
0x
7B08
0x
7B0C
0x
7B10
0x
7B14
0x
7B18
0x
7B1C
0x
7B20
0x
7B24
0x
7B28
0x
7B2C
0x
7B30
0x
7B34
0x
7B38
0x
7B3C
0x
7B40
0x
7B44
0x
7B48
0x
7B4C
0x
7B50
0x
7B54
0x
7B58
0x
7B5C
0x
7B60
0x
7B64
0x
7B68
0x
7B6C
0x
7B70
0x
7B74
0x
7B78
0x
7B7C
0x
7B80
0x
7B84
0x
7B88
0x
7B8C
0x
7B90
0x
7B94
0x
7B98
0x
7B9C
0x
7BA0
0x
7BA4
0x
7BA8
0x
7BAC
0x
7BB0
0x
7BB4
0x
7BB8
0x
7BBC
0x
7BC0
0x
7BC4
0x
7BD0
0x
7BD4
0x
7BD8
0x
7BDC
0x
7BE0
0x
7BE4
0x
7BE8
0x
7BEC
0x
7BF0
0x
7BF4
0x
7BF8
0x
7BFC
0x
44F4
0x
E20
0x
E10
0x
FBC
0x
1E1C
0x
41AC
0x
32CC
0x
447C
0x
1E20
0x
B78
0x
1E18
0x
7994
0x
7B0
0x
40C
0x
4F8
0x
528
0x
B14
0x
680
0x
8B4
0x
780
0x
98C
0x
8EC
0x
AF0
0x
A70
0x
4430
0x
705C
0x
720C
0x
5950
0x
70A0
0x
7288
0x
7058
0x
6C58
0x
709C
0x
6C60
0x
6D00
0x
6F40
0x
6FB8
0x
204C
0x
6E04
0x
6C54
0x
6C5C
0x
6E48
0x
6C74
0x
6E00
0x
E2C
0x
E08
0x
E18
0x
E24
0x
E28
0x
E1C
0x
E14
0x
22D8
0x
5938
0x
5948
0x
5940
0x
57F4
0x
57F0
0x
6B0
0x
7C04
0x
7C08
0x
7C14
0x
7C18
0x
7C1C
0x
7C20
0x
7C24
0x
7C28
0x
7C2C
0x
7C30
0x
7C34
0x
7C38
0x
7C3C
0x
7C40
0x
7C44
0x
7C48
0x
7C4C
0x
7C50
0x
7C54
0x
7C58
0x
7C5C
0x
7C60
0x
7C64
0x
7C68
0x
7C6C
0x
7C70
0x
7C74
0x
7C78
0x
7C7C
0x
7C80
0x
7C84
0x
7C88
0x
7C8C
0x
7C90
0x
7C94
0x
7C98
0x
7C9C
0x
7CA0
0x
7CA4
0x
7CA8
0x
7CAC
0x
7CB0
0x
7CB4
0x
7CB8
0x
7CBC
0x
7CC0
0x
7CC4
0x
7CC8
0x
7CCC
0x
7CD8
0x
7CDC
0x
7CE0
0x
7CE4
0x
7CF0
0x
7CF4
0x
7CF8
0x
7CFC
0x
7D00
0x
7D04
0x
7D08
0x
7D0C
0x
7D10
0x
7D14
0x
7D18
0x
7D1C
0x
7D20
0x
7D24
0x
7D28
0x
7D2C
0x
7D30
0x
7D34
0x
7D38
0x
7D3C
0x
7D40
0x
7D44
0x
7D48
0x
7D4C
0x
7D50
0x
7D54
0x
7D68
0x
7D6C
0x
7D70
0x
7D74
0x
7D78
0x
7D7C
0x
7D80
0x
7D84
0x
7D88
0x
7D8C
0x
7D90
0x
7D94
0x
7D98
0x
7D9C
0x
7DA0
0x
7DA4
0x
7DA8
0x
7DAC
0x
7DB0
0x
7DB4
0x
7DB8
0x
7DBC
0x
7DC0
0x
7DC4
0x
7DC8
0x
7DD4
0x
7DD8
0x
7DDC
0x
7DE0
0x
7DE4
0x
7DE8
0x
7DEC
0x
7DF0
0x
7DF4
0x
7DF8
0x
7DFC
0x
7E00
0x
7E04
0x
7E08
0x
7E0C
0x
7E10
0x
7E14
0x
7E18
0x
7E1C
0x
7E20
0x
7E24
0x
7E28
0x
7E2C
0x
7E30
0x
7E34
0x
7E38
0x
7E3C
0x
7E40
0x
7E44
0x
7E48
0x
7E4C
0x
7E50
0x
7E54
0x
7E58
0x
7E5C
0x
7E60
0x
7E64
0x
7E68
0x
7E6C
0x
7E70
0x
7E74
0x
7E78
0x
7E7C
0x
7E80
0x
7E84
0x
7E88
0x
7E8C
0x
7E94
0x
7E98
0x
7E9C
0x
7EA0
0x
7EA4
0x
7EA8
0x
7EAC
0x
7EB0
0x
7EB4
0x
7EB8
0x
7EBC
0x
7EC0
0x
7EC4
0x
7EC8
0x
7ECC
0x
7ED0
0x
7ED4
0x
7ED8
0x
7EDC
0x
7EE0
0x
7EE4
0x
7EE8
0x
7EEC
0x
7EF0
0x
7EF4
0x
7EF8
0x
7EFC
0x
7F00
0x
7F04
0x
7F08
0x
7F0C
0x
7F10
0x
7F14
0x
7F18
0x
7F1C
0x
7F20
0x
7F24
0x
7F28
0x
7F2C
0x
7F30
0x
7F34
0x
7F38
0x
7F3C
0x
7F40
0x
7F44
0x
7F48
0x
7F4C
0x
7F54
0x
7F58
0x
7F5C
0x
7F60
0x
7F64
0x
7F68
0x
7F6C
0x
7F70
0x
7F74
0x
7F78
0x
7F7C
0x
7F80
0x
7F84
0x
7F88
0x
7F8C
0x
7F90
0x
7F94
0x
7F98
0x
7F9C
0x
7FA0
0x
7FA4
0x
7FA8
0x
7FAC
0x
7FB0
0x
7FB4
0x
7FB8
0x
7FBC
0x
7FC0
0x
7FC4
0x
7FC8
0x
7FCC
0x
7F98
0x
7F9C
0x
7FA4
0x
7FA8
0x
7FAC
0x
7FB0
0x
7FB4
0x
7FB8
0x
7FBC
0x
7FD0
0x
7FD4
0x
7FD8
0x
7FE4
0x
7FE8
0x
7FEC
0x
7FF0
0x
7FF4
0x
7FF8
0x
7FFC
0x
4870
0x
6C34
0x
82C
0x
6C6C
0x
6C64
0x
E04
0x
79E0
0x
58B0
0x
5DAC
0x
5DB0
0x
1F5C
0x
7D64
0x
1F58
0x
79A4
0x
8004
0x
8008
0x
800C
0x
8010
0x
8014
0x
8018
0x
801C
0x
8020
0x
8024
0x
8028
0x
802C
0x
8030
0x
8034
0x
8038
0x
803C
0x
8040
0x
8044
0x
8048
0x
804C
0x
8050
0x
8054
0x
8058
0x
805C
0x
8060
0x
8064
0x
8068
0x
806C
0x
8070
0x
8074
0x
8078
0x
807C
0x
8080
0x
8084
0x
8088
0x
808C
0x
8090
0x
8094
0x
8098
0x
809C
0x
80A0
0x
80A4
0x
80A8
0x
80AC
0x
80B0
0x
80B4
0x
80B8
0x
80BC
0x
80C0
0x
80C4
0x
80C8
0x
80CC
0x
80D0
0x
80D4
0x
80D8
0x
80DC
0x
80E0
0x
80E4
0x
80E8
0x
80EC
0x
80F0
0x
80F4
0x
80F8
0x
80FC
0x
8100
0x
8104
0x
8108
0x
810C
0x
8110
0x
8114
0x
8118
0x
811C
0x
8120
0x
8124
0x
8128
0x
812C
0x
8130
0x
8134
0x
8138
0x
813C
0x
8140
0x
8144
0x
8148
0x
814C
0x
8150
0x
8154
0x
8158
0x
815C
0x
8160
0x
8164
0x
8168
0x
816C
0x
8170
0x
8174
0x
8178
0x
817C
0x
8180
0x
8184
0x
8188
0x
818C
0x
8190
0x
8194
0x
8198
0x
819C
0x
81A0
0x
81A4
0x
81A8
0x
81AC
0x
81B0
0x
81B4
0x
81B8
0x
81BC
0x
81C0
0x
81C4
0x
81C8
0x
81CC
0x
81D0
0x
81D4
0x
81D8
0x
81DC
0x
81E0
0x
81E4
0x
81E8
0x
81EC
0x
81F0
0x
81F4
0x
81F8
0x
81FC
0x
8200
0x
8204
0x
8208
0x
820C
0x
8210
0x
8214
0x
8218
0x
821C
0x
8220
0x
8224
0x
8228
0x
822C
0x
8230
0x
8234
0x
823C
0x
8240
0x
8244
0x
8248
0x
824C
0x
8250
0x
8254
0x
8258
0x
825C
0x
8260
0x
8264
0x
8268
0x
826C
0x
8270
0x
8274
0x
8278
0x
827C
0x
8280
0x
8284
0x
8288
0x
828C
0x
8290
0x
8294
0x
8298
0x
829C
0x
82A0
0x
82A4
0x
82A8
0x
82AC
0x
82B0
0x
82B4
0x
82B8
0x
82BC
0x
82C0
0x
82C4
0x
82C8
0x
82CC
0x
82D0
0x
82D4
0x
82D8
0x
82DC
0x
82E0
0x
82E4
0x
82E8
0x
82EC
0x
82F0
0x
82F4
0x
82F8
0x
82FC
0x
8300
0x
8304
0x
8308
0x
830C
0x
8310
0x
8314
0x
8318
0x
831C
0x
8324
0x
8328
0x
832C
0x
8330
0x
8334
0x
8338
0x
833C
0x
8340
0x
8344
0x
8348
0x
834C
0x
8350
0x
8354
0x
8358
0x
835C
0x
8360
0x
8364
0x
8368
0x
836C
0x
8370
0x
8374
0x
8378
0x
837C
0x
8380
0x
8384
0x
8388
0x
838C
0x
8390
0x
8394
0x
8398
0x
839C
0x
83A0
0x
83A4
0x
83A8
0x
83AC
0x
83B0
0x
83B4
0x
83B8
0x
83BC
0x
83C0
0x
83C4
0x
83C8
0x
83CC
0x
83D0
0x
83D4
0x
83D8
0x
83DC
0x
83E0
0x
83E4
0x
83E8
0x
83EC
0x
83F0
0x
83F4
0x
83F8
0x
83FC
0x
7D60
0x
7E90
0x
7D5C
0x
7BCC
0x
8404
0x
8408
0x
840C
0x
8410
0x
8414
0x
8418
0x
841C
0x
8420
0x
8424
0x
8428
0x
842C
0x
8430
0x
8434
0x
8438
0x
843C
0x
8440
0x
8444
0x
8448
0x
844C
0x
8450
0x
8454
0x
8458
0x
845C
0x
8460
0x
8464
0x
8468
0x
846C
0x
8470
0x
8474
0x
8478
0x
847C
0x
8480
0x
8484
0x
8488
0x
848C
0x
8490
0x
8494
0x
8498
0x
849C
0x
84A0
0x
84A4
0x
84A8
0x
84AC
0x
84B0
0x
84B4
0x
84B8
0x
84BC
0x
84C0
0x
84C4
0x
84C8
0x
84CC
0x
84D0
0x
84D4
0x
84D8
0x
84DC
0x
84E0
0x
84E4
0x
84E8
0x
84EC
0x
84F0
0x
84F4
0x
84F8
0x
84FC
0x
8500
0x
8504
0x
8508
0x
850C
0x
8510
0x
8514
0x
8518
0x
851C
0x
8520
0x
8524
0x
8528
0x
852C
0x
8530
0x
8534
0x
8538
0x
853C
0x
8540
0x
8544
0x
8548
0x
854C
0x
8550
0x
8554
0x
8558
0x
855C
0x
8560
0x
8564
0x
8568
0x
856C
0x
8570
0x
8574
0x
8578
0x
857C
0x
8580
0x
8584
0x
8588
0x
858C
0x
8590
0x
8594
0x
8598
0x
859C
0x
85A0
0x
85A4
0x
85A8
0x
85AC
0x
85B0
0x
85B4
0x
85B8
0x
85BC
0x
85C0
0x
85C4
0x
85C8
0x
85CC
0x
85D0
0x
85D4
0x
85D8
0x
85DC
0x
85E0
0x
85E4
0x
85E8
0x
85EC
0x
85F0
0x
85F4
0x
85F8
0x
85FC
0x
8600
0x
8604
0x
8608
0x
860C
0x
8610
0x
8614
0x
8618
0x
861C
0x
8620
0x
8624
0x
8628
0x
862C
0x
8630
0x
8634
0x
8638
0x
863C
0x
8640
0x
8644
0x
8648
0x
864C
0x
8650
0x
8654
0x
8658
0x
865C
0x
8660
0x
8664
0x
8668
0x
866C
0x
8670
0x
8674
0x
8678
0x
867C
0x
8680
0x
8684
0x
8688
0x
868C
0x
8690
0x
8694
0x
8698
0x
869C
0x
86A0
0x
86A4
0x
86A8
0x
86AC
0x
86B0
0x
86B4
0x
86B8
0x
86BC
0x
86C8
0x
86CC
0x
86D0
0x
86D4
0x
86D8
0x
86DC
0x
86E0
0x
86E4
0x
86E8
0x
86EC
0x
86F0
0x
86F4
0x
86F8
0x
86FC
0x
8700
0x
8704
0x
8718
0x
871C
0x
8720
0x
8724
0x
8728
0x
872C
0x
8730
0x
8734
0x
8738
0x
873C
0x
8740
0x
8744
0x
8754
0x
8758
0x
875C
0x
8760
0x
8764
0x
8768
0x
876C
0x
8770
0x
8774
0x
8778
0x
877C
0x
8780
0x
8784
0x
8788
0x
878C
0x
8790
0x
8794
0x
8798
0x
879C
0x
87A0
0x
87A4
0x
87A8
0x
87AC
0x
87B0
0x
87B4
0x
87B8
0x
87BC
0x
87C0
0x
87C8
0x
87CC
0x
87D0
0x
87D4
0x
87D8
0x
87DC
0x
87E0
0x
87E4
0x
87E8
0x
87EC
0x
87F0
0x
87F4
0x
87F8
0x
87FC
0x
6CD0
0x
7CE8
0x
7DD0
0x
7F50
0x
7C0C
0x
814
0x
7BC8
0x
6E44
0x
7D58
0x
7C10
0x
830
0x
7CD0
0x
4828
0x
FFC
0x
8804
0x
8808
0x
880C
0x
8810
0x
8814
0x
8818
0x
881C
0x
8820
0x
8824
0x
8828
0x
882C
0x
8830
0x
8834
0x
8838
0x
883C
0x
8840
0x
8844
0x
8848
0x
884C
0x
8850
0x
8854
0x
8858
0x
885C
0x
8860
0x
8864
0x
8868
0x
886C
0x
8870
0x
8874
0x
8878
0x
887C
0x
8880
0x
8884
0x
8888
0x
888C
0x
8890
0x
8894
0x
8898
0x
889C
0x
88A0
0x
88A4
0x
88A8
0x
88AC
0x
88B0
0x
88B4
0x
88B8
0x
88BC
0x
88C0
0x
88C4
0x
88C8
0x
88CC
0x
88D0
0x
88D4
0x
88D8
0x
88DC
0x
88E0
0x
88E4
0x
88E8
0x
88EC
0x
88F0
0x
88F4
0x
8904
0x
8908
0x
890C
0x
8910
0x
8914
0x
8918
0x
891C
0x
8920
0x
8924
0x
8928
0x
892C
0x
8930
0x
8934
0x
8938
0x
893C
0x
8940
0x
8944
0x
8948
0x
894C
0x
8950
0x
8954
0x
8958
0x
895C
0x
8960
0x
8964
0x
8968
0x
896C
0x
8970
0x
8974
0x
8978
0x
897C
0x
8980
0x
8984
0x
8988
0x
8998
0x
899C
0x
89A0
0x
89A4
0x
89A8
0x
89AC
0x
89B0
0x
89B4
0x
89B8
0x
89BC
0x
89C0
0x
89C4
0x
89C8
0x
89CC
0x
89D0
0x
89D4
0x
89D8
0x
89DC
0x
89E0
0x
89E4
0x
89E8
0x
89EC
0x
89F0
0x
89F4
0x
89F8
0x
89FC
0x
8A00
0x
8A04
0x
8A08
0x
8A0C
0x
8A10
0x
8A18
0x
8A1C
0x
8A20
0x
8A24
0x
8A28
0x
8A2C
0x
8A30
0x
8A34
0x
8A38
0x
8A3C
0x
8A40
0x
8A44
0x
8A48
0x
8A4C
0x
8A50
0x
8A54
0x
8A58
0x
8A5C
0x
8A60
0x
8A64
0x
8A68
0x
8A6C
0x
8A70
0x
8A74
0x
8A78
0x
8A7C
0x
8A80
0x
8A84
0x
8A88
0x
8A8C
0x
8A90
0x
8A94
0x
8A98
0x
8A9C
0x
8AA0
0x
8ABC
0x
8AC0
0x
8AC4
0x
8AC8
0x
8ACC
0x
8AD0
0x
8AD4
0x
8AD8
0x
8ADC
0x
8AE0
0x
8AE4
0x
8AE8
0x
8AEC
0x
8AF0
0x
8AF4
0x
8AF8
0x
8AFC
0x
8B00
0x
8B04
0x
8B08
0x
8B0C
0x
8B10
0x
8B14
0x
8B18
0x
8B1C
0x
8B20
0x
8B24
0x
8B28
0x
8B2C
0x
8B30
0x
8B34
0x
8B38
0x
8B40
0x
8B44
0x
8B48
0x
8B4C
0x
8B50
0x
8B54
0x
8B58
0x
8B5C
0x
8B60
0x
8B64
0x
8B68
0x
8B6C
0x
8B70
0x
8B74
0x
8B78
0x
8B7C
0x
8B80
0x
8B84
0x
8B88
0x
8B8C
0x
8B90
0x
8B94
0x
8B98
0x
8B9C
0x
8BA0
0x
8BA4
0x
8BA8
0x
8BAC
0x
8BB0
0x
8BB4
0x
8BB8
0x
8BBC
0x
8BC0
0x
8BC4
0x
8BC8
0x
8BCC
0x
8BD0
0x
8BD4
0x
8BD8
0x
8BDC
0x
8BE0
0x
8BE4
0x
8BE8
0x
8BEC
0x
8BF0
0x
8BF4
0x
8BF8
0x
8BFC
0x
874C
0x
8714
0x
7FD4
0x
B6C
0x
2D4
0x
6C0C
0x
7FD0
0x
7DCC
0x
51C
0x
818
0x
820
0x
75FC
0x
5944
0x
8C04
0x
8C08
0x
8C0C
0x
8C10
0x
8C14
0x
8C1C
0x
8C20
0x
8C24
0x
8C28
0x
8C2C
0x
8C30
0x
8C34
0x
8C38
0x
8C3C
0x
8C40
0x
8C44
0x
8C48
0x
8C4C
0x
8C50
0x
8C54
0x
8C58
0x
8C5C
0x
8C60
0x
8C64
0x
8C68
0x
8C6C
0x
8C70
0x
8C74
0x
8C78
0x
8C7C
0x
8C80
0x
8C84
0x
8C88
0x
8C8C
0x
8C90
0x
8C94
0x
8C98
0x
8C9C
0x
8CA0
0x
8CA4
0x
8CA8
0x
8CAC
0x
8CB0
0x
8CB4
0x
8CB8
0x
8CBC
0x
8CC0
0x
8CC4
0x
8CC8
0x
8CCC
0x
8CD0
0x
8CD4
0x
8CD8
0x
8CDC
0x
8CE0
0x
8CE4
0x
8CE8
0x
8CEC
0x
8CF0
0x
8CF4
0x
8CF8
0x
8CFC
0x
8D00
0x
8D04
0x
8D08
0x
8D0C
0x
8D10
0x
8D14
0x
8D18
0x
8D1C
0x
8D20
0x
8D24
0x
8D28
0x
8D2C
0x
8D30
0x
8D34
0x
8D38
0x
8D3C
0x
8D40
0x
8D44
0x
8D48
0x
8D4C
0x
8D50
0x
8D54
0x
8D58
0x
8D5C
0x
8D60
0x
8D64
0x
8D68
0x
8D6C
0x
8D70
0x
8D74
0x
8D78
0x
8D7C
0x
8D80
0x
8D84
0x
8D88
0x
8D8C
0x
8D90
0x
8D94
0x
8D98
0x
8D9C
0x
8DA0
0x
8DA4
0x
8DA8
0x
8DB0
0x
8DB4
0x
8DB8
0x
8DBC
0x
8DC0
0x
8DC4
0x
8DC8
0x
8DCC
0x
8DD0
0x
8DD4
0x
8DD8
0x
8DDC
0x
8DE0
0x
8DE4
0x
8DE8
0x
8DEC
0x
8DF0
0x
8DF4
0x
8DF8
0x
8DFC
0x
8E00
0x
8E04
0x
8E08
0x
8E0C
0x
8E10
0x
8E14
0x
8E18
0x
8E1C
0x
8E20
0x
8E24
0x
8E28
0x
8E2C
0x
8E4C
0x
8E50
0x
8E54
0x
8E58
0x
8E5C
0x
8E60
0x
8E64
0x
8E68
0x
8E6C
0x
8E70
0x
8E74
0x
8E78
0x
8E7C
0x
8E80
0x
8E84
0x
8E88
0x
8E8C
0x
8E90
0x
8E94
0x
8E98
0x
8E9C
0x
8EA0
0x
8EA4
0x
8EA8
0x
8EAC
0x
8EB0
0x
8EB4
0x
8EB8
0x
8EBC
0x
8EC0
0x
8EC4
0x
8EC8
0x
8ECC
0x
8ED0
0x
8ED4
0x
8ED8
0x
8EDC
0x
8EE0
0x
8EE4
0x
8EE8
0x
8EEC
0x
8EF0
0x
8EF4
0x
8EF8
0x
8EFC
0x
8F00
0x
8F04
0x
8F08
0x
8F0C
0x
8F10
0x
8F14
0x
8F18
0x
8F1C
0x
8F20
0x
8F24
0x
8F28
0x
8F2C
0x
8F30
0x
8F34
0x
8F38
0x
8F3C
0x
8F40
0x
8F44
0x
8F48
0x
8F4C
0x
8F50
0x
8F54
0x
8F58
0x
8F5C
0x
8F60
0x
8F64
0x
8F68
0x
8F6C
0x
8F70
0x
8F74
0x
8F78
0x
8F7C
0x
8F80
0x
8F84
0x
8F88
0x
8F8C
0x
8F90
0x
8F94
0x
8F98
0x
8F9C
0x
8FA0
0x
8FA4
0x
8FA8
0x
8FAC
0x
8FB0
0x
8FB4
0x
8FB8
0x
8FBC
0x
8FC0
0x
8FC4
0x
8FC8
0x
8FCC
0x
8FD0
0x
8FD4
0x
8FD8
0x
8FDC
0x
8FE0
0x
8FE4
0x
8FE8
0x
8FEC
0x
8FF0
0x
8FF4
0x
8FF8
0x
8FFC
0x
8AA8
0x
8AAC
0x
870C
0x
7CEC
0x
8AA4
0x
8994
0x
88FC
0x
8AB8
0x
8C18
0x
86C4
0x
8708
0x
8AB4
0x
88F8
0x
87C4
0x
898C
0x
86C0
0x
8748
0x
8990
0x
8750
0x
8710
0x
9004
0x
9008
0x
900C
0x
9010
0x
9024
0x
9028
0x
902C
0x
9030
0x
9034
0x
9038
0x
903C
0x
9040
0x
9044
0x
9048
0x
904C
0x
9050
0x
9054
0x
9058
0x
905C
0x
9060
0x
9064
0x
9068
0x
906C
0x
9070
0x
9074
0x
9078
0x
907C
0x
9080
0x
9084
0x
9088
0x
908C
0x
9090
0x
9094
0x
9098
0x
909C
0x
90A0
0x
90A4
0x
90A8
0x
90AC
0x
90B0
0x
90B4
0x
90B8
0x
90BC
0x
90C0
0x
90C4
0x
90C8
0x
90CC
0x
90D0
0x
90D4
0x
90D8
0x
90DC
0x
90E0
0x
90E4
0x
90E8
0x
90F0
0x
90F4
0x
90F8
0x
90FC
0x
9100
0x
9104
0x
9108
0x
910C
0x
9110
0x
9114
0x
9118
0x
911C
0x
9120
0x
9124
0x
9128
0x
912C
0x
9130
0x
9134
0x
9138
0x
913C
0x
9140
0x
9144
0x
9148
0x
914C
0x
9150
0x
9154
0x
9158
0x
915C
0x
9160
0x
9164
0x
9168
0x
916C
0x
9170
0x
9174
0x
9178
0x
917C
0x
9180
0x
9184
0x
9188
0x
918C
0x
9190
0x
9194
0x
9198
0x
919C
0x
91A0
0x
91A4
0x
91A8
0x
91AC
0x
91B0
0x
91B4
0x
91B8
0x
91BC
0x
91C0
0x
91C4
0x
91C8
0x
91CC
0x
91D0
0x
91D4
0x
91D8
0x
91DC
0x
91E0
0x
91E4
0x
91E8
0x
91EC
0x
91F0
0x
91F4
0x
91F8
0x
91FC
0x
9200
0x
9204
0x
9208
0x
920C
0x
9210
0x
9214
0x
9218
0x
921C
0x
9220
0x
9224
0x
9228
0x
922C
0x
9230
0x
9234
0x
9238
0x
923C
0x
9240
0x
9248
0x
924C
0x
9250
0x
9254
0x
9258
0x
925C
0x
9260
0x
9264
0x
9268
0x
926C
0x
9270
0x
9274
0x
9278
0x
927C
0x
9280
0x
9284
0x
9288
0x
928C
0x
9290
0x
9294
0x
9298
0x
929C
0x
92A0
0x
92A4
0x
92A8
0x
92AC
0x
92B0
0x
92B4
0x
92B8
0x
92BC
0x
92C0
0x
92C4
0x
92C8
0x
92CC
0x
92D0
0x
92D4
0x
92D8
0x
92DC
0x
92E0
0x
92E4
0x
92E8
0x
92EC
0x
92F0
0x
92F4
0x
92F8
0x
92FC
0x
9300
0x
9304
0x
9308
0x
930C
0x
9310
0x
9314
0x
9318
0x
931C
0x
9320
0x
9324
0x
9328
0x
932C
0x
9330
0x
9334
0x
9338
0x
933C
0x
9340
0x
9344
0x
9348
0x
934C
0x
9350
0x
9354
0x
9358
0x
935C
0x
9360
0x
9364
0x
9368
0x
936C
0x
9370
0x
9374
0x
9378
0x
937C
0x
9380
0x
9384
0x
9388
0x
938C
0x
9390
0x
9394
0x
9398
0x
939C
0x
93A0
0x
93A4
0x
93A8
0x
93AC
0x
93B0
0x
93B4
0x
93B8
0x
93BC
0x
93C0
0x
93C4
0x
93C8
0x
93CC
0x
93D0
0x
93D4
0x
93D8
0x
93DC
0x
93E0
0x
93E4
0x
93E8
0x
93EC
0x
93F0
0x
93F4
0x
93F8
0x
93FC
0x
90EC
0x
9404
0x
9408
0x
940C
0x
9410
0x
9414
0x
9418
0x
941C
0x
9420
0x
9424
0x
9428
0x
942C
0x
9430
0x
9434
0x
9438
0x
943C
0x
9440
0x
9444
0x
9448
0x
944C
0x
9450
0x
9454
0x
9458
0x
945C
0x
9460
0x
9464
0x
9468
0x
946C
0x
9470
0x
9474
0x
9478
0x
947C
0x
9480
0x
9484
0x
9488
0x
948C
0x
9490
0x
9494
0x
9498
0x
949C
0x
94A0
0x
94A4
0x
94A8
0x
94AC
0x
94B0
0x
94B4
0x
94B8
0x
94BC
0x
94C0
0x
94C4
0x
94C8
0x
94CC
0x
94D0
0x
94D4
0x
94D8
0x
94DC
0x
94E0
0x
94E4
0x
94E8
0x
94EC
0x
94F0
0x
94F4
0x
94F8
0x
94FC
0x
9500
0x
9504
0x
9508
0x
950C
0x
9510
0x
9514
0x
9518
0x
951C
0x
9520
0x
9524
0x
9528
0x
952C
0x
9530
0x
9534
0x
9538
0x
953C
0x
9540
0x
9544
0x
9548
0x
954C
0x
9550
0x
9554
0x
9558
0x
955C
0x
9560
0x
9564
0x
9568
0x
956C
0x
9570
0x
9574
0x
9578
0x
957C
0x
9580
0x
9584
0x
9588
0x
958C
0x
9590
0x
9594
0x
9598
0x
959C
0x
95A0
0x
95A4
0x
95A8
0x
95AC
0x
95B0
0x
95B4
0x
95B8
0x
95BC
0x
95C0
0x
95C4
0x
95C8
0x
95CC
0x
95D0
0x
95D4
0x
95D8
0x
95DC
0x
95E0
0x
95E4
0x
95E8
0x
95EC
0x
95F0
0x
95F4
0x
95F8
0x
95FC
0x
9600
0x
9604
0x
9608
0x
960C
0x
9610
0x
9614
0x
9618
0x
961C
0x
9620
0x
9624
0x
9628
0x
962C
0x
9630
0x
9634
0x
9638
0x
963C
0x
9640
0x
9644
0x
9648
0x
964C
0x
9650
0x
9654
0x
9658
0x
965C
0x
9660
0x
9664
0x
9668
0x
966C
0x
9670
0x
9674
0x
9678
0x
967C
0x
9680
0x
9684
0x
9688
0x
968C
0x
9690
0x
9694
0x
9698
0x
969C
0x
96A0
0x
96A4
0x
96A8
0x
96AC
0x
96B0
0x
96B4
0x
96B8
0x
96BC
0x
96C0
0x
96C4
0x
96C8
0x
96CC
0x
96D0
0x
96D4
0x
96D8
0x
96DC
0x
96E0
0x
96E4
0x
96E8
0x
96EC
0x
96F0
0x
96F4
0x
96F8
0x
96FC
0x
9700
0x
9704
0x
9708
0x
970C
0x
9710
0x
9714
0x
9718
0x
971C
0x
9720
0x
9724
0x
9728
0x
972C
0x
9730
0x
9734
0x
9738
0x
973C
0x
9740
0x
9744
0x
9748
0x
974C
0x
9750
0x
9754
0x
9758
0x
975C
0x
9760
0x
9764
0x
9768
0x
976C
0x
9770
0x
9774
0x
9778
0x
977C
0x
9780
0x
9784
0x
9788
0x
978C
0x
9790
0x
9794
0x
9798
0x
979C
0x
97A0
0x
97A4
0x
97A8
0x
97AC
0x
97B0
0x
97B4
0x
97B8
0x
97BC
0x
97C0
0x
97C4
0x
97C8
0x
97CC
0x
97D0
0x
97D4
0x
97D8
0x
97DC
0x
97E0
0x
97E4
0x
97E8
0x
97EC
0x
97F0
0x
97F4
0x
97F8
0x
97FC
0x
9804
0x
9808
0x
980C
0x
9818
0x
981C
0x
9820
0x
9824
0x
9828
0x
982C
0x
9830
0x
9834
0x
9838
0x
983C
0x
9840
0x
9844
0x
9848
0x
984C
0x
9850
0x
9854
0x
9858
0x
985C
0x
9860
0x
9864
0x
9868
0x
986C
0x
9870
0x
9874
0x
9878
0x
987C
0x
9880
0x
9884
0x
9888
0x
988C
0x
9890
0x
9894
0x
9898
0x
989C
0x
98A0
0x
98A4
0x
98A8
0x
98AC
0x
98B0
0x
98B4
0x
98B8
0x
98BC
0x
98C0
0x
98D4
0x
98D8
0x
98DC
0x
98E0
0x
98E4
0x
98E8
0x
98EC
0x
98F0
0x
98F4
0x
98F8
0x
98FC
0x
9900
0x
9904
0x
9908
0x
990C
0x
9910
0x
9914
0x
9918
0x
991C
0x
9920
0x
9924
0x
9928
0x
992C
0x
9930
0x
9934
0x
9938
0x
993C
0x
991C
0x
9940
0x
99B4
0x
99B8
0x
99BC
0x
99C0
0x
99C4
0x
99C8
0x
99CC
0x
99D0
0x
99D4
0x
99D8
0x
99DC
0x
99E0
0x
99E4
0x
99E8
0x
99EC
0x
99F0
0x
99F4
0x
99F8
0x
99FC
0x
9A00
0x
9A04
0x
9A08
0x
9A0C
0x
9A10
0x
9A14
0x
9A18
0x
9A1C
0x
9A20
0x
9A24
0x
9A28
0x
9A2C
0x
9A30
0x
9A34
0x
9A38
0x
9A3C
0x
9A40
0x
9A44
0x
9A48
0x
9A4C
0x
9A54
0x
9A58
0x
9A5C
0x
9A60
0x
9A64
0x
9A68
0x
9A6C
0x
9A70
0x
9A74
0x
9A78
0x
9A7C
0x
9A80
0x
9A84
0x
9A88
0x
9A8C
0x
9A90
0x
9A94
0x
9A98
0x
9A9C
0x
9AA0
0x
9AA4
0x
9AA8
0x
9AB0
0x
9AB4
0x
9AB8
0x
9ABC
0x
9AC0
0x
9AC4
0x
9AC8
0x
9ACC
0x
9AD0
0x
9AD4
0x
9AD8
0x
9ADC
0x
9AE0
0x
9AE4
0x
9AE8
0x
9AEC
0x
9AF0
0x
9AF4
0x
9AF8
0x
9AFC
0x
9B00
0x
9B04
0x
9B08
0x
9B0C
0x
9B10
0x
9B14
0x
9B18
0x
9B1C
0x
9B20
0x
9B24
0x
9B28
0x
9B2C
0x
9B30
0x
9B34
0x
9B38
0x
9B3C
0x
9B40
0x
9B44
0x
9B48
0x
9B4C
0x
9B50
0x
9B54
0x
9B58
0x
9B5C
0x
9B60
0x
9B64
0x
9B68
0x
9B6C
0x
9B70
0x
9B74
0x
9B78
0x
9B7C
0x
9B80
0x
9B84
0x
9B88
0x
9B8C
0x
9B90
0x
9B94
0x
9B98
0x
9B9C
0x
9BA0
0x
9BA4
0x
9BA8
0x
9BAC
0x
9BB0
0x
9BB4
0x
9BB8
0x
9BBC
0x
9BC0
0x
9BC4
0x
9BC8
0x
9BCC
0x
9BD0
0x
9BD4
0x
9BD8
0x
9BDC
0x
9BE0
0x
9BE4
0x
9BE8
0x
9BEC
0x
9BF0
0x
9BF4
0x
9BF8
0x
9BFC
0x
98D0
0x
9948
0x
8AB0
0x
93A8
0x
93A4
0x
9A50
0x
9C04
0x
9C08
0x
9C0C
0x
9C10
0x
9C14
0x
9C18
0x
9C1C
0x
9C20
0x
9C24
0x
9C28
0x
9C2C
0x
9C30
0x
9C34
0x
9C38
0x
9C3C
0x
9C40
0x
9C44
0x
9C48
0x
9C4C
0x
9C50
0x
9C54
0x
9C58
0x
9C5C
0x
9C60
0x
9C64
0x
9C68
0x
9C6C
0x
9C70
0x
9C74
0x
9C78
0x
9C7C
0x
9C80
0x
9C84
0x
9C88
0x
9C8C
0x
9C90
0x
9C94
0x
9C98
0x
9C9C
0x
9CA0
0x
9CA4
0x
9CA8
0x
9CAC
0x
9CB0
0x
9CB4
0x
9CB8
0x
9CBC
0x
9CC0
0x
9CC4
0x
9CC8
0x
9CCC
0x
9CD0
0x
9CD4
0x
9CD8
0x
9CDC
0x
9CE0
0x
9CE4
0x
9CE8
0x
9CEC
0x
9CF0
0x
9CF4
0x
9CF8
0x
9CFC
0x
9D00
0x
9D04
0x
9D08
0x
9D0C
0x
9D10
0x
9D14
0x
9D18
0x
9D1C
0x
9D20
0x
9D24
0x
9D28
0x
9D2C
0x
9D30
0x
9D34
0x
9D38
0x
9D3C
0x
9D40
0x
9D44
0x
9D48
0x
9D4C
0x
9D50
0x
9D54
0x
9D58
0x
9D5C
0x
9D60
0x
9D64
0x
9D68
0x
9D6C
0x
9D70
0x
9D74
0x
9D78
0x
9D7C
0x
9D80
0x
9D84
0x
9D88
0x
9D8C
0x
9D90
0x
9D94
0x
9D98
0x
9D9C
0x
9DA0
0x
9DA4
0x
9DA8
0x
9DAC
0x
9DB0
0x
9DB4
0x
9DB8
0x
9DBC
0x
9DC0
0x
9DC4
0x
9DC8
0x
9DCC
0x
9DD0
0x
9DD4
0x
9DD8
0x
9DDC
0x
9DE0
0x
9DE4
0x
9DE8
0x
9DEC
0x
9DF0
0x
9DF4
0x
9DF8
0x
9DFC
0x
9E00
0x
9E04
0x
9E08
0x
9E0C
0x
9E10
0x
9E14
0x
9E18
0x
9E1C
0x
9E20
0x
9E24
0x
9E28
0x
9E2C
0x
9E30
0x
9E34
0x
9E38
0x
9E3C
0x
9E40
0x
9E44
0x
9E48
0x
9E4C
0x
9E50
0x
9E54
0x
9E58
0x
9E5C
0x
9E60
0x
9E64
0x
9E68
0x
9E6C
0x
9E70
0x
9E74
0x
9E78
0x
9E7C
0x
9E80
0x
9E84
0x
9E88
0x
9E8C
0x
9E90
0x
9E94
0x
9E98
0x
9E9C
0x
9EA0
0x
9EA4
0x
9EA8
0x
9EAC
0x
9EB0
0x
9EB4
0x
9EB8
0x
9EBC
0x
9EC0
0x
9EC4
0x
9EC8
0x
9ECC
0x
9ED0
0x
9ED4
0x
9ED8
0x
9EDC
0x
9EE0
0x
9EE8
0x
9EEC
0x
9EF0
0x
9EF4
0x
9EF8
0x
9EFC
0x
9F00
0x
9F04
0x
9F08
0x
9F0C
0x
9F10
0x
9F14
0x
9F18
0x
9F1C
0x
9F20
0x
9F24
0x
9F28
0x
9F2C
0x
9F30
0x
9F34
0x
9F38
0x
9F3C
0x
9F40
0x
9F44
0x
9F48
0x
9F4C
0x
9F50
0x
9F54
0x
9F58
0x
9F5C
0x
9F60
0x
9F64
0x
9F68
0x
9F6C
0x
9F70
0x
9F74
0x
9F78
0x
9F7C
0x
9F80
0x
9F84
0x
9F88
0x
9F8C
0x
9F90
0x
9F94
0x
9F98
0x
9F9C
0x
9FA0
0x
9FA4
0x
9FA8
0x
9FAC
0x
9FB0
0x
9FB4
0x
9FB8
0x
9FBC
0x
9FC0
0x
9FC4
0x
9FC8
0x
9FCC
0x
9FD0
0x
9FD4
0x
9FD8
0x
9FDC
0x
9FE0
0x
9FE4
0x
9FE8
0x
9FEC
0x
9FF0
0x
9FF4
0x
9FF8
0x
9FFC
0x
A004
0x
A008
0x
A00C
0x
A010
0x
A014
0x
A018
0x
A020
0x
A024
0x
A028
0x
A02C
0x
A030
0x
A034
0x
A038
0x
A03C
0x
A040
0x
A044
0x
A048
0x
A04C
0x
A050
0x
A054
0x
A058
0x
A05C
0x
A060
0x
A064
0x
A068
0x
A06C
0x
A070
0x
A074
0x
A078
0x
A07C
0x
A080
0x
A084
0x
A088
0x
A08C
0x
A090
0x
A094
0x
A098
0x
A09C
0x
A0A0
0x
A0A4
0x
A0A8
0x
A0AC
0x
A0B0
0x
A0B4
0x
A0B8
0x
A0BC
0x
A0C0
0x
A0C4
0x
A0C8
0x
A0CC
0x
A0D0
0x
A0D4
0x
A0D8
0x
A0DC
0x
A0E0
0x
A0E8
0x
A0EC
0x
A0F0
0x
A0F4
0x
A0F8
0x
A0FC
0x
A100
0x
A104
0x
A108
0x
A10C
0x
A110
0x
A114
0x
A118
0x
A11C
0x
A120
0x
A124
0x
A128
0x
A12C
0x
A130
0x
A134
0x
A138
0x
A13C
0x
A140
0x
A144
0x
A148
0x
A14C
0x
A150
0x
A154
0x
A158
0x
A15C
0x
A160
0x
A164
0x
A168
0x
A16C
0x
A170
0x
A174
0x
A178
0x
A17C
0x
A180
0x
A184
0x
A188
0x
A18C
0x
A190
0x
A194
0x
A198
0x
A19C
0x
A1A0
0x
A1A4
0x
A1A8
0x
A1AC
0x
A1B0
0x
A1B4
0x
A1B8
0x
A1BC
0x
A1C0
0x
A1C4
0x
A1C8
0x
A1CC
0x
A1D0
0x
A1D4
0x
A1D8
0x
A1DC
0x
A1E0
0x
A1E4
0x
A1E8
0x
A1EC
0x
A1F0
0x
A1F4
0x
A1F8
0x
A1FC
0x
A200
0x
A204
0x
A208
0x
A20C
0x
A210
0x
A214
0x
A218
0x
A21C
0x
A220
0x
A224
0x
A228
0x
A22C
0x
A230
0x
A234
0x
A238
0x
A23C
0x
A240
0x
A244
0x
A248
0x
A24C
0x
A250
0x
A254
0x
A258
0x
A25C
0x
A260
0x
A264
0x
A268
0x
A26C
0x
A270
0x
A274
0x
A278
0x
A27C
0x
A280
0x
A284
0x
A288
0x
A28C
0x
A290
0x
A294
0x
A298
0x
A29C
0x
A2A0
0x
A2A4
0x
A2A8
0x
A2AC
0x
A2B0
0x
A2B4
0x
A2B8
0x
A2BC
0x
A2C0
0x
A2C4
0x
A2C8
0x
A2CC
0x
A2D0
0x
A2D4
0x
A2D8
0x
A2DC
0x
A2E0
0x
A2E4
0x
A2E8
0x
A2EC
0x
A2F0
0x
A2F4
0x
A2F8
0x
A2FC
0x
A300
0x
A304
0x
A308
0x
A30C
0x
A310
0x
A314
0x
A318
0x
A31C
0x
A320
0x
A324
0x
A328
0x
A32C
0x
A330
0x
A334
0x
A338
0x
A33C
0x
A340
0x
A344
0x
A348
0x
A34C
0x
A350
0x
A354
0x
A358
0x
A35C
0x
A360
0x
A364
0x
A368
0x
A36C
0x
A370
0x
A374
0x
A378
0x
A37C
0x
A380
0x
A384
0x
A388
0x
A38C
0x
A390
0x
A394
0x
A398
0x
A39C
0x
A3A0
0x
A3A4
0x
A3A8
0x
A3AC
0x
A3B0
0x
A3B4
0x
A3B8
0x
A3BC
0x
A3C0
0x
A3C4
0x
A3C8
0x
A3CC
0x
A3D0
0x
A3D4
0x
A3D8
0x
A3DC
0x
A3E0
0x
A3E4
0x
A3E8
0x
A3EC
0x
A3F0
0x
A3F4
0x
A3F8
0x
A3FC
0x
999C
0x
99A0
0x
9814
0x
9998
0x
9958
0x
998C
0x
9974
0x
9810
0x
99A8
0x
9AAC
0x
99A4
0x
98C8
0x
997C
0x
994C
0x
98CC
0x
9978
0x
9994
0x
9988
0x
A404
0x
A408
0x
A40C
0x
A410
0x
A414
0x
A418
0x
A41C
0x
A420
0x
A424
0x
A428
0x
A42C
0x
A430
0x
A434
0x
A438
0x
A43C
0x
A440
0x
A444
0x
A448
0x
A44C
0x
A450
0x
A454
0x
A458
0x
A45C
0x
A460
0x
A464
0x
A468
0x
A46C
0x
A470
0x
A474
0x
A478
0x
A47C
0x
A480
0x
A484
0x
A488
0x
A48C
0x
A490
0x
A494
0x
A49C
0x
A4A0
0x
A4A4
0x
A4A8
0x
A4AC
0x
A4B0
0x
A4B4
0x
A4B8
0x
A4BC
0x
A4C0
0x
A4C4
0x
A4C8
0x
A4CC
0x
A4D0
0x
A4D4
0x
A4D8
0x
A4DC
0x
A4E0
0x
A4E4
0x
A4E8
0x
A4EC
0x
A4F0
0x
A4F4
0x
A4F8
0x
A4FC
0x
A500
0x
A504
0x
A508
0x
A50C
0x
A510
0x
A514
0x
A518
0x
A51C
0x
A520
0x
A524
0x
A528
0x
A52C
0x
A530
0x
A534
0x
A538
0x
A53C
0x
A540
0x
A544
0x
A548
0x
A54C
0x
A550
0x
A554
0x
A558
0x
A55C
0x
A560
0x
A564
0x
A568
0x
A56C
0x
A570
0x
A574
0x
A578
0x
A57C
0x
A580
0x
A584
0x
A588
0x
A58C
0x
A590
0x
A594
0x
A598
0x
A59C
0x
A5A0
0x
A5A4
0x
A5A8
0x
A5AC
0x
A5B0
0x
A5B4
0x
A5B8
0x
A5BC
0x
A5C0
0x
A5C4
0x
A5C8
0x
A5CC
0x
A5D0
0x
A5D4
0x
A5D8
0x
A5DC
0x
A5E0
0x
A5E4
0x
A5E8
0x
A5EC
0x
A5F0
0x
A5F4
0x
A5F8
0x
A5FC
0x
A600
0x
A604
0x
A608
0x
A60C
0x
A610
0x
A614
0x
A618
0x
A61C
0x
A620
0x
A624
0x
A628
0x
A62C
0x
A630
0x
A634
0x
A638
0x
A63C
0x
A640
0x
A644
0x
A648
0x
A64C
0x
A650
0x
A654
0x
A658
0x
A65C
0x
A660
0x
A664
0x
A668
0x
A66C
0x
A670
0x
A674
0x
A678
0x
A67C
0x
A680
0x
A684
0x
A688
0x
A68C
0x
A690
0x
A694
0x
A698
0x
A69C
0x
A6A0
0x
A6A4
0x
A6A8
0x
A6AC
0x
A6B0
0x
A6B4
0x
A6B8
0x
A6BC
0x
A6C0
0x
A6C4
0x
A6C8
0x
A6CC
0x
A6D0
0x
A6D4
0x
A6D8
0x
A6DC
0x
A6E0
0x
A6E4
0x
A6E8
0x
A6EC
0x
A6F0
0x
A6F4
0x
A6F8
0x
A6FC
0x
A700
0x
A704
0x
A708
0x
A70C
0x
A710
0x
A714
0x
A718
0x
A71C
0x
A720
0x
A724
0x
A728
0x
A72C
0x
A730
0x
A734
0x
A738
0x
A73C
0x
A740
0x
A744
0x
A748
0x
A74C
0x
A750
0x
A754
0x
A758
0x
A75C
0x
A760
0x
A764
0x
A768
0x
A76C
0x
A770
0x
A774
0x
A778
0x
A77C
0x
A780
0x
A784
0x
A788
0x
A78C
0x
A790
0x
A794
0x
A798
0x
A79C
0x
A7A0
0x
A7A4
0x
A7A8
0x
A7AC
0x
A7B0
0x
A7B4
0x
A7B8
0x
A7BC
0x
A7C0
0x
A7C4
0x
A7C8
0x
A7CC
0x
A7D0
0x
A7D4
0x
A7D8
0x
A7DC
0x
A7E0
0x
A7E4
0x
A7E8
0x
A7EC
0x
A7F0
0x
A7F4
0x
A7F8
0x
A7FC
0x
98C4
0x
9990
0x
9954
0x
A804
0x
A808
0x
A80C
0x
A810
0x
A814
0x
A818
0x
A820
0x
A824
0x
A828
0x
A82C
0x
A830
0x
A834
0x
A838
0x
A83C
0x
A840
0x
A844
0x
A848
0x
A84C
0x
A850
0x
A854
0x
A858
0x
A85C
0x
A860
0x
A864
0x
A868
0x
A86C
0x
A870
0x
A874
0x
A878
0x
A87C
0x
A880
0x
A884
0x
A888
0x
A88C
0x
A890
0x
A894
0x
A898
0x
A89C
0x
A8A0
0x
A8A4
0x
A8A8
0x
A8AC
0x
A8B0
0x
A8B4
0x
A8B8
0x
A8BC
0x
A8C0
0x
A8C4
0x
A8C8
0x
A8CC
0x
A8D0
0x
A8D4
0x
A8D8
0x
A8DC
0x
A8E0
0x
A8E4
0x
A8E8
0x
A8EC
0x
A8F0
0x
A8F4
0x
A8F8
0x
A8FC
0x
A900
0x
A904
0x
A908
0x
A90C
0x
A910
0x
A914
0x
A918
0x
A91C
0x
A920
0x
A924
0x
A928
0x
A92C
0x
A930
0x
A934
0x
A938
0x
A93C
0x
A940
0x
A944
0x
A948
0x
A94C
0x
A950
0x
A954
0x
A958
0x
A95C
0x
A960
0x
A964
0x
A968
0x
A96C
0x
A970
0x
A974
0x
A978
0x
A97C
0x
A980
0x
A984
0x
A988
0x
A98C
0x
A990
0x
A994
0x
A998
0x
A99C
0x
A9A0
0x
A9A4
0x
A9A8
0x
A9AC
0x
A9B0
0x
A9B4
0x
A9B8
0x
A9BC
0x
A9C0
0x
A9C4
0x
A9C8
0x
A9CC
0x
A9D0
0x
A9D4
0x
A9D8
0x
A9DC
0x
A9E0
0x
A9E4
0x
A9E8
0x
A9EC
0x
A9F0
0x
A9F4
0x
A9F8
0x
A9FC
0x
AA00
0x
AA04
0x
AA08
0x
AA0C
0x
AA10
0x
AA14
0x
AA18
0x
AA1C
0x
AA20
0x
AA24
0x
AA28
0x
AA2C
0x
AA30
0x
AA34
0x
AA38
0x
AA3C
0x
AA40
0x
AA44
0x
AA48
0x
AA4C
0x
AA50
0x
AA54
0x
AA58
0x
AA5C
0x
AA60
0x
AA64
0x
AA68
0x
AA6C
0x
AA70
0x
AA74
0x
AA78
0x
AA7C
0x
AA80
0x
AA84
0x
AA88
0x
AA8C
0x
AA90
0x
AA94
0x
AA98
0x
AA9C
0x
AAA0
0x
AAA4
0x
AAA8
0x
AAAC
0x
AAB0
0x
AAB4
0x
AAB8
0x
AABC
0x
AAC0
0x
AAC4
0x
AAC8
0x
AACC
0x
AAD0
0x
AAD4
0x
AAD8
0x
AADC
0x
AAE0
0x
AAE4
0x
AAE8
0x
AAEC
0x
AAF0
0x
AAF4
0x
AAF8
0x
AAFC
0x
AB00
0x
AB04
0x
AB08
0x
AB0C
0x
AB10
0x
AB14
0x
AB18
0x
AB1C
0x
AB20
0x
AB24
0x
AB28
0x
AB2C
0x
AB30
0x
AB34
0x
AB38
0x
AB3C
0x
AB40
0x
AB44
0x
AB48
0x
AB4C
0x
AB50
0x
AB54
0x
AB58
0x
AB5C
0x
AB60
0x
AB64
0x
AB68
0x
AB6C
0x
AB70
0x
AB74
0x
AB78
0x
AB7C
0x
AB80
0x
AB84
0x
AB88
0x
AB8C
0x
AB90
0x
AB94
0x
AB98
0x
AB9C
0x
ABA0
0x
ABA4
0x
ABA8
0x
ABAC
0x
ABB0
0x
ABB4
0x
ABB8
0x
ABBC
0x
ABC0
0x
ABC4
0x
ABC8
0x
ABCC
0x
ABD0
0x
ABD4
0x
ABD8
0x
ABDC
0x
ABE0
0x
ABE4
0x
ABE8
0x
ABEC
0x
ABF0
0x
ABF4
0x
ABF8
0x
ABFC
0x
AC04
0x
AC08
0x
AC0C
0x
AC10
0x
AC14
0x
AC18
0x
AC1C
0x
AC20
0x
AC24
0x
AC28
0x
AC2C
0x
AC30
0x
AC34
0x
AC38
0x
AC3C
0x
AC40
0x
AC44
0x
AC48
0x
AC4C
0x
AC50
0x
AC54
0x
AC58
0x
AC5C
0x
AC60
0x
AC64
0x
AC68
0x
AC6C
0x
AC70
0x
AC74
0x
AC78
0x
AC7C
0x
AC80
0x
AC84
0x
AC88
0x
AC8C
0x
AC90
0x
AC94
0x
AC98
0x
AC9C
0x
ACA0
0x
ACA4
0x
ACA8
0x
ACAC
0x
ACB0
0x
ACB4
0x
ACB8
0x
ACBC
0x
ACC0
0x
ACC4
0x
ACC8
0x
ACCC
0x
ACD0
0x
ACD4
0x
ACD8
0x
ACDC
0x
ACE0
0x
ACE4
0x
ACE8
0x
ACEC
0x
ACF0
0x
ACF4
0x
ACF8
0x
ACFC
0x
AD00
0x
AD04
0x
AD08
0x
AD0C
0x
AD10
0x
AD14
0x
AD18
0x
AD1C
0x
AD20
0x
AD24
0x
AD28
0x
AD2C
0x
AD30
0x
AD34
0x
AD38
0x
AD3C
0x
AD40
0x
AD44
0x
AD48
0x
AD4C
0x
AD50
0x
AD54
0x
AD58
0x
AD5C
0x
AD60
0x
AD64
0x
AD68
0x
AD6C
0x
AD70
0x
AD74
0x
AD78
0x
AD7C
0x
AD80
0x
AD84
0x
AD88
0x
AD8C
0x
AD90
0x
AD94
0x
AD98
0x
AD9C
0x
ADA0
0x
ADA4
0x
ADA8
0x
ADAC
0x
ADB0
0x
ADB4
0x
ADB8
0x
ADBC
0x
ADC0
0x
ADC4
0x
ADC8
0x
ADCC
0x
ADD0
0x
ADD4
0x
ADD8
0x
ADDC
0x
ADE0
0x
ADE4
0x
ADE8
0x
ADEC
0x
ADF0
0x
ADF4
0x
ADF8
0x
ADFC
0x
AE00
0x
AE04
0x
AE08
0x
AE0C
0x
AE10
0x
AE14
0x
AE18
0x
AE1C
0x
AE20
0x
AE24
0x
AE28
0x
AE2C
0x
AE30
0x
AE34
0x
AE38
0x
AE3C
0x
AE40
0x
AE44
0x
AE48
0x
AE4C
0x
AE50
0x
AE54
0x
AE58
0x
AE5C
0x
AE60
0x
AE64
0x
AE68
0x
AE6C
0x
AE70
0x
AE74
0x
AE78
0x
AE7C
0x
AE80
0x
AE84
0x
AE88
0x
AE8C
0x
AE90
0x
AE94
0x
AE98
0x
AE9C
0x
AEA0
0x
AEA4
0x
AEA8
0x
AEAC
0x
AEB0
0x
AEB4
0x
AEB8
0x
AEBC
0x
AEC0
0x
AEC4
0x
AEC8
0x
AECC
0x
AED0
0x
AED4
0x
AED8
0x
AEDC
0x
AEE0
0x
AEE4
0x
AEE8
0x
AEEC
0x
AEF0
0x
AEF4
0x
AEF8
0x
AEFC
0x
AF00
0x
AF04
0x
AF08
0x
AF0C
0x
AF10
0x
AF14
0x
AF1C
0x
AF20
0x
AF24
0x
AF28
0x
AF2C
0x
AF30
0x
AF34
0x
AF38
0x
AF3C
0x
AF40
0x
AF44
0x
AF48
0x
AF4C
0x
AF50
0x
AF54
0x
AF58
0x
AF5C
0x
AF60
0x
AF64
0x
AF68
0x
AF6C
0x
AF70
0x
AF74
0x
AF78
0x
AF7C
0x
AF80
0x
AF84
0x
AF88
0x
AF8C
0x
AF90
0x
AF94
0x
AF98
0x
AF9C
0x
AFA0
0x
AFA4
0x
AFA8
0x
AFAC
0x
AFB0
0x
AFB4
0x
AFB8
0x
AFBC
0x
AFC0
0x
AFC4
0x
AFC8
0x
AFCC
0x
AFD0
0x
AFD4
0x
AFD8
0x
AFDC
0x
AFE0
0x
AFE4
0x
AFE8
0x
AFEC
0x
AFF0
0x
AFF4
0x
AFF8
0x
AFFC
0x
B004
0x
B008
0x
B00C
0x
B010
0x
B014
0x
B018
0x
B01C
0x
B020
0x
B024
0x
B028
0x
B02C
0x
B030
0x
B034
0x
B038
0x
B03C
0x
B040
0x
B044
0x
B048
0x
B04C
0x
B050
0x
B054
0x
B058
0x
B05C
0x
B060
0x
B064
0x
B068
0x
B06C
0x
B070
0x
B074
0x
B078
0x
B07C
0x
B080
0x
B084
0x
B088
0x
B08C
0x
B090
0x
B094
0x
B098
0x
B09C
0x
B0A0
0x
B0A4
0x
B0A8
0x
B0AC
0x
B0B0
0x
B0B4
0x
B0B8
0x
B0BC
0x
B0C0
0x
B0C4
0x
B0C8
0x
B0CC
0x
B0D0
0x
B0D4
0x
B0D8
0x
B0DC
0x
B0E0
0x
B0E4
0x
B0E8
0x
B0EC
0x
B0F0
0x
B0F4
0x
B0F8
0x
B0FC
0x
B100
0x
B104
0x
B108
0x
B10C
0x
B110
0x
B114
0x
B118
0x
B11C
0x
B120
0x
B124
0x
B128
0x
B12C
0x
B130
0x
B134
0x
B138
0x
B13C
0x
B140
0x
B144
0x
B148
0x
B14C
0x
B150
0x
B154
0x
B158
0x
B15C
0x
B160
0x
B164
0x
B168
0x
B16C
0x
B170
0x
B174
0x
B178
0x
B17C
0x
B180
0x
B184
0x
B188
0x
B18C
0x
B190
0x
B194
0x
B198
0x
B19C
0x
B1A0
0x
B1A4
0x
B1A8
0x
B1AC
0x
B1B0
0x
B1B4
0x
B1B8
0x
B1BC
0x
B1C0
0x
B1C4
0x
B1C8
0x
B1CC
0x
B1D0
0x
B1D4
0x
B1D8
0x
B1DC
0x
B1E0
0x
B1E4
0x
B1E8
0x
B1EC
0x
B1F0
0x
B1F4
0x
B1F8
0x
B1FC
0x
B200
0x
B204
0x
B208
0x
B20C
0x
B210
0x
B214
0x
B218
0x
B21C
0x
B220
0x
B224
0x
B228
0x
B22C
0x
B230
0x
B234
0x
B238
0x
B23C
0x
B240
0x
B244
0x
B248
0x
B24C
0x
B250
0x
B254
0x
B258
0x
B25C
0x
B260
0x
B264
0x
B268
0x
B26C
0x
B270
0x
B274
0x
B278
0x
B27C
0x
B280
0x
B284
0x
B288
0x
B28C
0x
B290
0x
B294
0x
B298
0x
B29C
0x
B2A0
0x
B2A4
0x
B2A8
0x
B2AC
0x
B2B0
0x
B2B4
0x
B2B8
0x
B2BC
0x
B2C0
0x
B2C4
0x
B2C8
0x
B2CC
0x
B2D0
0x
B2D4
0x
B2D8
0x
B2DC
0x
B2E0
0x
B2E4
0x
B2E8
0x
B2EC
0x
B2F0
0x
B2F4
0x
B2F8
0x
B2FC
0x
B300
0x
B304
0x
B308
0x
B30C
0x
B310
0x
B314
0x
B318
0x
B31C
0x
B320
0x
B324
0x
B328
0x
B32C
0x
B330
0x
B334
0x
B338
0x
B33C
0x
B340
0x
B344
0x
B348
0x
B34C
0x
B350
0x
B354
0x
B358
0x
B35C
0x
B360
0x
B364
0x
B368
0x
B36C
0x
B370
0x
B374
0x
B378
0x
B37C
0x
B380
0x
B384
0x
B388
0x
B38C
0x
B390
0x
B394
0x
B398
0x
B39C
0x
B3A0
0x
B3A4
0x
B3A8
0x
B3AC
0x
B3B0
0x
B3B4
0x
B3B8
0x
B3BC
0x
B3C0
0x
B3C4
0x
B3C8
0x
B3CC
0x
B3D0
0x
B3D4
0x
B3D8
0x
B3DC
0x
B3E0
0x
B3E4
0x
B3E8
0x
B3EC
0x
B3F0
0x
B3F4
0x
B3F8
0x
B3FC
0x
B404
0x
B408
0x
B40C
0x
B410
0x
B414
0x
B418
0x
B41C
0x
B420
0x
B424
0x
B428
0x
B42C
0x
B430
0x
B434
0x
B438
0x
B43C
0x
B440
0x
B444
0x
B448
0x
B44C
0x
B450
0x
B454
0x
B458
0x
B45C
0x
B460
0x
B464
0x
B468
0x
B46C
0x
B470
0x
B474
0x
B478
0x
B47C
0x
B480
0x
B484
0x
B488
0x
B48C
0x
B490
0x
B494
0x
B498
0x
B49C
0x
B4A0
0x
B4A4
0x
B4A8
0x
B4AC
0x
B4B0
0x
B4B4
0x
B4B8
0x
B4BC
0x
B4C0
0x
B4C4
0x
B4C8
0x
B4CC
0x
B4D0
0x
B4D4
0x
B4D8
0x
B4DC
0x
B4E0
0x
B4E4
0x
B4E8
0x
B4EC
0x
B4F0
0x
B4F4
0x
B4F8
0x
B4FC
0x
B500
0x
B504
0x
B508
0x
B50C
0x
B510
0x
B514
0x
B518
0x
B51C
0x
B520
0x
B524
0x
B528
0x
B52C
0x
B530
0x
B534
0x
B538
0x
B53C
0x
B540
0x
B544
0x
B548
0x
B54C
0x
B550
0x
B554
0x
B558
0x
B55C
0x
B560
0x
B564
0x
B568
0x
B56C
0x
B570
0x
B574
0x
B578
0x
B57C
0x
B580
0x
B584
0x
B588
0x
B58C
0x
B590
0x
B594
0x
B598
0x
B59C
0x
B5A0
0x
B5A4
0x
B5A8
0x
B5AC
0x
B5B0
0x
B5B4
0x
B5B8
0x
B5BC
0x
B5C0
0x
B5C4
0x
B5C8
0x
B5CC
0x
B5D0
0x
B5D4
0x
B5D8
0x
B5DC
0x
B5E0
0x
B5E4
0x
B5E8
0x
B5EC
0x
B5F0
0x
B5F4
0x
B5F8
0x
B5FC
0x
B600
0x
B604
0x
B608
0x
B60C
0x
B610
0x
B614
0x
B618
0x
B61C
0x
B620
0x
B624
0x
B628
0x
B62C
0x
B630
0x
B634
0x
B638
0x
B63C
0x
B640
0x
B644
0x
B648
0x
B64C
0x
B650
0x
B654
0x
B658
0x
B65C
0x
B660
0x
B664
0x
B668
0x
B66C
0x
B670
0x
B674
0x
B678
0x
B67C
0x
B680
0x
B684
0x
B688
0x
B68C
0x
B690
0x
B694
0x
B698
0x
B69C
0x
B6A0
0x
B6A4
0x
B6A8
0x
B6AC
0x
B6B0
0x
B6B4
0x
B6B8
0x
B6BC
0x
B6C0
0x
B6C4
0x
B6C8
0x
B6CC
0x
B6D0
0x
B6D4
0x
B6D8
0x
B6DC
0x
B6E0
0x
B6E4
0x
B6E8
0x
B6EC
0x
B6F0
0x
B6F4
0x
B6F8
0x
B6FC
0x
B700
0x
B704
0x
B708
0x
B70C
0x
B710
0x
B714
0x
B718
0x
B71C
0x
B720
0x
B724
0x
B728
0x
B72C
0x
B730
0x
B734
0x
B738
0x
B73C
0x
B740
0x
B744
0x
B748
0x
B74C
0x
B750
0x
B754
0x
B758
0x
B75C
0x
B760
0x
B764
0x
B768
0x
B76C
0x
B770
0x
B774
0x
B778
0x
B77C
0x
B780
0x
B784
0x
B788
0x
B78C
0x
B790
0x
B794
0x
B798
0x
B79C
0x
B7A0
0x
B7A4
0x
B7A8
0x
B7AC
0x
B7B0
0x
B7B4
0x
B7B8
0x
B7BC
0x
B7C0
0x
B7C4
0x
B7C8
0x
B7CC
0x
B7D0
0x
B7D4
0x
B7D8
0x
B7DC
0x
B7E0
0x
B7E4
0x
B7E8
0x
B7EC
0x
B7F0
0x
B7F4
0x
B7F8
0x
B7FC
0x
B804
0x
B808
0x
B80C
0x
B810
0x
B814
0x
B818
0x
B81C
0x
B820
0x
B824
0x
B828
0x
B82C
0x
B830
0x
B834
0x
B838
0x
B83C
0x
B840
0x
B844
0x
B848
0x
B84C
0x
B850
0x
B854
0x
B858
0x
B85C
0x
B860
0x
B864
0x
B868
0x
B86C
0x
B870
0x
B874
0x
B878
0x
B87C
0x
B880
0x
B884
0x
B888
0x
B88C
0x
B890
0x
B894
0x
B898
0x
B89C
0x
B8A0
0x
B8A4
0x
B8A8
0x
B8AC
0x
B8B0
0x
B8B4
0x
B8B8
0x
B8BC
0x
B8C0
0x
B8C4
0x
B8C8
0x
B8CC
0x
B8D0
0x
B8D4
0x
B8D8
0x
B8DC
0x
B8E0
0x
B8E4
0x
B8E8
0x
B8EC
0x
B8F0
0x
B8F4
0x
B8F8
0x
B8FC
0x
B900
0x
B904
0x
B908
0x
B90C
0x
B910
0x
B914
0x
B918
0x
B91C
0x
B920
0x
B924
0x
B928
0x
B92C
0x
B930
0x
B934
0x
B938
0x
B93C
0x
B940
0x
B944
0x
B948
0x
B94C
0x
B950
0x
B954
0x
B958
0x
B95C
0x
B960
0x
B964
0x
B968
0x
B96C
0x
B970
0x
B974
0x
B978
0x
B97C
0x
B980
0x
B984
0x
B988
0x
B98C
0x
B990
0x
B994
0x
B998
0x
B99C
0x
B9A0
0x
B9A4
0x
B9A8
0x
B9AC
0x
B9B0
0x
B9B4
0x
B9B8
0x
B9BC
0x
B9C0
0x
B9C4
0x
B9C8
0x
B9CC
0x
B9D0
0x
B9D4
0x
B9D8
0x
B9DC
0x
B9E0
0x
B9E4
0x
B9E8
0x
B9EC
0x
B9F0
0x
B9F4
0x
B9F8
0x
B9FC
0x
BA00
0x
BA04
0x
BA08
0x
BA0C
0x
BA10
0x
BA14
0x
BA18
0x
BA1C
0x
BA20
0x
BA24
0x
BA28
0x
BA2C
0x
BA30
0x
BA34
0x
BA38
0x
BA3C
0x
BA40
0x
BA44
0x
BA48
0x
BA4C
0x
BA50
0x
BA54
0x
BA58
0x
BA5C
0x
BA60
0x
BA64
0x
BA68
0x
BA6C
0x
BA70
0x
BA74
0x
BA78
0x
BA7C
0x
BA80
0x
BA84
0x
BA88
0x
BA8C
0x
BA90
0x
BA94
0x
BA98
0x
BA9C
0x
BAA0
0x
BAA4
0x
BAA8
0x
BAAC
0x
BAB0
0x
BAB4
0x
BAB8
0x
BABC
0x
BAC0
0x
BAC4
0x
BAC8
0x
BACC
0x
BAD0
0x
BAD4
0x
BAD8
0x
BADC
0x
BAE0
0x
BAE4
0x
BAE8
0x
BAEC
0x
BAF0
0x
BAF4
0x
BAF8
0x
BAFC
0x
BB00
0x
BB04
0x
BB08
0x
BB0C
0x
BB10
0x
BB14
0x
BB18
0x
BB1C
0x
BB20
0x
BB24
0x
BB28
0x
BB2C
0x
BB30
0x
BB34
0x
BB38
0x
BB3C
0x
BB40
0x
BB44
0x
BB48
0x
BB4C
0x
BB50
0x
BB54
0x
BB58
0x
BB5C
0x
BB60
0x
BB64
0x
BB68
0x
BB6C
0x
BB70
0x
BB74
0x
BB78
0x
BB7C
0x
BB80
0x
BB84
0x
BB88
0x
BB8C
0x
BB90
0x
BB94
0x
BB98
0x
BB9C
0x
BBA0
0x
BBA4
0x
BBA8
0x
BBAC
0x
BBB0
0x
BBB4
0x
BBB8
0x
BBBC
0x
BBC0
0x
BBC4
0x
BBC8
0x
BBCC
0x
BBD0
0x
BBD4
0x
BBD8
0x
BBDC
0x
BBE0
0x
BBE4
0x
BBE8
0x
BBEC
0x
BBF0
0x
BBF4
0x
BBF8
0x
BBFC
0x
9944
0x
BC04
0x
BC08
0x
BC0C
0x
BC10
0x
BC14
0x
BC18
0x
BC1C
0x
BC20
0x
BC24
0x
BC28
0x
BC2C
0x
BC30
0x
BC34
0x
BC38
0x
BC3C
0x
BC40
0x
BC44
0x
BC48
0x
BC4C
0x
BC50
0x
BC54
0x
BC58
0x
BC5C
0x
BC60
0x
BC64
0x
BC68
0x
BC6C
0x
BC70
0x
BC74
0x
BC78
0x
BC7C
0x
BC80
0x
BC84
0x
BC88
0x
BC8C
0x
BC90
0x
BC94
0x
BC98
0x
BC9C
0x
BCA0
0x
BCA4
0x
BCA8
0x
BCAC
0x
BCB0
0x
BCB4
0x
BCB8
0x
BCBC
0x
BCC0
0x
BCC4
0x
BCC8
0x
BCCC
0x
BCD0
0x
BCD4
0x
BCD8
0x
BCDC
0x
BCE0
0x
BCE4
0x
BCE8
0x
BCEC
0x
BCF0
0x
BCF4
0x
BCF8
0x
BCFC
0x
BD00
0x
BD04
0x
BD08
0x
BD0C
0x
BD10
0x
BD14
0x
BD18
0x
BD1C
0x
BD20
0x
BD24
0x
BD28
0x
BD2C
0x
BD30
0x
BD34
0x
BD38
0x
BD3C
0x
BD40
0x
BD44
0x
BD48
0x
BD4C
0x
BD50
0x
BD54
0x
BD58
0x
BD5C
0x
BD60
0x
BD64
0x
BD68
0x
BD6C
0x
BD70
0x
BD74
0x
BD78
0x
BD7C
0x
BD80
0x
BD84
0x
BD88
0x
BD8C
0x
BD90
0x
BD94
0x
BD98
0x
BD9C
0x
BDA0
0x
BDA4
0x
BDA8
0x
BDAC
0x
BDB0
0x
BDB4
0x
BDB8
0x
BDBC
0x
BDC0
0x
BDC4
0x
BDC8
0x
BDCC
0x
BDD0
0x
BDD4
0x
BDD8
0x
BDDC
0x
BDE0
0x
BDE4
0x
BDE8
0x
BDEC
0x
BDF0
0x
BDF4
0x
BDF8
0x
BDFC
0x
BE00
0x
BE04
0x
BE08
0x
BE0C
0x
BE10
0x
BE14
0x
BE18
0x
BE1C
0x
BE20
0x
BE24
0x
BE28
0x
BE2C
0x
BE30
0x
BE34
0x
BE38
0x
BE3C
0x
BE40
0x
BE44
0x
BE48
0x
BE4C
0x
BE50
0x
BE54
0x
BE58
0x
BE5C
0x
BE60
0x
BE64
0x
BE68
0x
BE6C
0x
BE70
0x
BE74
0x
BE78
0x
BE7C
0x
BE80
0x
BE84
0x
BE88
0x
BE8C
0x
BE90
0x
BE94
0x
BE98
0x
BE9C
0x
BEA0
0x
BEA4
0x
BEA8
0x
BEAC
0x
BEB0
0x
BEB4
0x
BEB8
0x
BEBC
0x
BEC0
0x
BEC4
0x
BEC8
0x
BECC
0x
BED0
0x
BED4
0x
BED8
0x
BEDC
0x
BEE0
0x
BEE4
0x
BEE8
0x
BEEC
0x
BEF0
0x
BEF4
0x
BEF8
0x
BEFC
0x
BF00
0x
BF04
0x
BF08
0x
BF0C
0x
BF10
0x
BF14
0x
BF18
0x
BF1C
0x
BF20
0x
BF24
0x
BF28
0x
BF2C
0x
BF30
0x
BF34
0x
BF38
0x
BF3C
0x
BF40
0x
BF44
0x
BF48
0x
BF4C
0x
BF50
0x
BF54
0x
BF58
0x
BF5C
0x
BF60
0x
BF64
0x
BF68
0x
BF6C
0x
BF70
0x
BF74
0x
BF78
0x
BF7C
0x
BF80
0x
BF84
0x
BF88
0x
BF8C
0x
BF90
0x
BF94
0x
BF98
0x
BF9C
0x
BFA0
0x
BFA4
0x
BFA8
0x
BFAC
0x
BFB0
0x
BFB4
0x
BFB8
0x
BFBC
0x
BFC0
0x
BFC4
0x
BFC8
0x
BFCC
0x
BFD0
0x
BFD4
0x
BFD8
0x
BFDC
0x
BFE0
0x
BFE4
0x
BFE8
0x
BFEC
0x
BFF0
0x
BFF4
0x
BFF8
0x
BFFC
0x
8900
0x
C004
0x
C008
0x
C00C
0x
C010
0x
C014
0x
C018
0x
C01C
0x
C020
0x
C024
0x
C028
0x
C02C
0x
C030
0x
C034
0x
C038
0x
C03C
0x
C040
0x
C044
0x
C048
0x
C04C
0x
C050
0x
C054
0x
C058
0x
C05C
0x
C060
0x
C064
0x
C068
0x
C06C
0x
C070
0x
C074
0x
C078
0x
C07C
0x
C080
0x
C084
0x
C088
0x
C08C
0x
C090
0x
C094
0x
C098
0x
C09C
0x
C0A0
0x
C0A4
0x
C0A8
0x
C0AC
0x
C0B0
0x
C0B4
0x
C0B8
0x
C0BC
0x
C0C0
0x
C0C4
0x
C0C8
0x
C0CC
0x
C0D0
0x
C0D4
0x
C0D8
0x
C0DC
0x
C0E0
0x
C0E4
0x
C0E8
0x
C0EC
0x
C0F0
0x
C0F4
0x
C0F8
0x
C0FC
0x
C100
0x
C104
0x
C108
0x
C10C
0x
C110
0x
C114
0x
C118
0x
C11C
0x
C120
0x
C124
0x
C128
0x
C12C
0x
C130
0x
C134
0x
C138
0x
C13C
0x
C140
0x
C144
0x
C148
0x
C14C
0x
C150
0x
C154
0x
C158
0x
C15C
0x
C160
0x
C164
0x
C168
0x
C16C
0x
C170
0x
C174
0x
C178
0x
C17C
0x
C180
0x
C184
0x
C188
0x
C18C
0x
C190
0x
C194
0x
C198
0x
C19C
0x
C1A0
0x
C1A4
0x
C1A8
0x
C1AC
0x
C1B0
0x
C1B4
0x
C1B8
0x
C1BC
0x
C1C0
0x
C1C4
0x
C1C8
0x
C1CC
0x
C1D0
0x
C1D4
0x
C1D8
0x
C1DC
0x
C1E0
0x
C1E4
0x
C1E8
0x
C1EC
0x
C1F0
0x
C1F4
0x
C1F8
0x
C1FC
0x
C200
0x
C204
0x
C208
0x
C20C
0x
C210
0x
C214
0x
C218
0x
C21C
0x
C220
0x
C224
0x
C228
0x
C22C
0x
C230
0x
C234
0x
C238
0x
C23C
0x
C240
0x
C244
0x
C248
0x
C24C
0x
C250
0x
C254
0x
C258
0x
C25C
0x
C260
0x
C264
0x
C268
0x
C26C
0x
C270
0x
C274
0x
C278
0x
C27C
0x
C280
0x
C284
0x
C288
0x
C28C
0x
C290
0x
C294
0x
C298
0x
C29C
0x
C2A0
0x
C2A4
0x
C2A8
0x
C2AC
0x
C2B0
0x
C2B4
0x
C2B8
0x
C2BC
0x
C2C0
0x
C2C4
0x
C2C8
0x
C2CC
0x
C2D0
0x
C2D4
0x
C2D8
0x
C2DC
0x
C2E0
0x
C2E4
0x
C2E8
0x
C2EC
0x
C2F0
0x
C2F4
0x
C2F8
0x
C2FC
0x
C300
0x
C304
0x
C308
0x
C30C
0x
C310
0x
C314
0x
C318
0x
C31C
0x
C320
0x
C324
0x
C328
0x
C32C
0x
C330
0x
C334
0x
C338
0x
C33C
0x
C340
0x
C344
0x
C348
0x
C34C
0x
C350
0x
C354
0x
C358
0x
C35C
0x
C360
0x
C364
0x
C368
0x
C36C
0x
C370
0x
C374
0x
C378
0x
C37C
0x
C380
0x
C384
0x
C388
0x
C38C
0x
C390
0x
C398
0x
C394
0x
C39C
0x
C3A0
0x
C3A4
0x
C3A8
0x
C3AC
0x
C3B0
0x
C3B4
0x
C3B8
0x
C3BC
0x
C3C0
0x
C3C4
0x
C3C8
0x
C3CC
0x
C3D0
0x
C3D4
0x
C3D8
0x
C3DC
0x
C3E0
0x
C3E4
0x
C3E8
0x
C3EC
0x
C3F0
0x
C3F4
0x
C3F8
0x
C3FC
0x
C404
0x
C408
0x
C40C
0x
C410
0x
C414
0x
C418
0x
C41C
0x
C420
0x
C424
0x
C428
0x
C42C
0x
C430
0x
C434
0x
C438
0x
C43C
0x
C440
0x
C444
0x
C448
0x
C44C
0x
C450
0x
C454
0x
C458
0x
C45C
0x
C460
0x
C464
0x
C468
0x
C46C
0x
C470
0x
C474
0x
C478
0x
C47C
0x
C480
0x
C484
0x
C488
0x
C48C
0x
C490
0x
C494
0x
C498
0x
C49C
0x
C4A0
0x
C4A4
0x
C4A8
0x
C4AC
0x
C4B0
0x
C4B4
0x
C4B8
0x
C4BC
0x
C4C0
0x
C4C4
0x
C4C8
0x
C4CC
0x
C4D0
0x
C4D4
0x
C4D8
0x
C4DC
0x
C4E0
0x
C4E4
0x
C4E8
0x
C4F0
0x
C4EC
0x
C4F4
0x
C4F8
0x
C4FC
0x
C500
0x
C504
0x
C508
0x
C50C
0x
C510
0x
C514
0x
C518
0x
C51C
0x
C520
0x
C524
0x
C528
0x
C52C
0x
C530
0x
C534
0x
C538
0x
C53C
0x
C540
0x
C544
0x
C548
0x
C54C
0x
C550
0x
C554
0x
C558
0x
C55C
0x
C560
0x
C564
0x
C568
0x
C56C
0x
C570
0x
C574
0x
C578
0x
C57C
0x
C580
0x
C584
0x
C588
0x
C58C
0x
C590
0x
C594
0x
C598
0x
C59C
0x
C5A0
0x
C5A4
0x
C5A8
0x
C5AC
0x
C5B0
0x
C5B4
0x
C5B8
0x
C5BC
0x
C5C0
0x
C5C4
0x
C5C8
0x
C5CC
0x
C5D0
0x
C5D4
0x
C5D8
0x
C5DC
0x
C5E0
0x
C5E4
0x
C5E8
0x
C5EC
0x
C5F0
0x
C5F4
0x
C5F8
0x
C5FC
0x
C600
0x
C604
0x
C608
0x
C60C
0x
C610
0x
C614
0x
C618
0x
C61C
0x
C620
0x
C624
0x
C628
0x
C62C
0x
C630
0x
C634
0x
C638
0x
C63C
0x
C640
0x
C644
0x
C648
0x
C64C
0x
C650
0x
C654
0x
C658
0x
C65C
0x
C660
0x
C664
0x
C668
0x
C66C
0x
C670
0x
C674
0x
C678
0x
C67C
0x
C680
0x
C684
0x
C688
0x
C68C
0x
C690
0x
C694
0x
C698
0x
C69C
0x
C6A0
0x
C6A4
0x
C6A8
0x
C6AC
0x
C6B0
0x
C6B4
0x
C6B8
0x
C6BC
0x
C6C0
0x
C6C4
0x
C6C8
0x
C6CC
0x
C6D0
0x
C6D4
0x
C6D8
0x
C6DC
0x
C6E0
0x
C6E4
0x
C6E8
0x
C6EC
0x
C6F0
0x
C6F4
0x
C6F8
0x
C6FC
0x
C700
0x
C704
0x
C708
0x
C70C
0x
C710
0x
C714
0x
C718
0x
C71C
0x
C720
0x
C724
0x
C728
0x
C72C
0x
C730
0x
C734
0x
C738
0x
C73C
0x
C740
0x
C744
0x
C748
0x
C74C
0x
C750
0x
C754
0x
C758
0x
C75C
0x
C760
0x
C764
0x
C768
0x
C76C
0x
C770
0x
C774
0x
C778
0x
C77C
0x
C780
0x
C784
0x
C788
0x
C78C
0x
C790
0x
C794
0x
C798
0x
C79C
0x
C7A0
0x
C7A4
0x
C7A8
0x
C7AC
0x
C7B0
0x
C7B4
0x
C7B8
0x
C7BC
0x
C7C0
0x
C7C8
0x
C7CC
0x
C7D0
0x
C7D4
0x
C7D8
0x
C7DC
0x
C7E0
0x
C7E4
0x
C7E8
0x
C7EC
0x
C7F0
0x
C7F4
0x
C7F8
0x
C7FC
0x
C804
0x
C808
0x
C80C
0x
C810
0x
C814
0x
C818
0x
C81C
0x
C820
0x
C824
0x
C828
0x
C82C
0x
C830
0x
C834
0x
C838
0x
C83C
0x
C840
0x
C844
0x
C848
0x
C84C
0x
C850
0x
C854
0x
C858
0x
C85C
0x
C860
0x
C864
0x
C868
0x
C86C
0x
C870
0x
C874
0x
C878
0x
C87C
0x
C880
0x
C884
0x
C888
0x
C88C
0x
C890
0x
C894
0x
C898
0x
C89C
0x
C8A0
0x
C8A4
0x
C8A8
0x
C8AC
0x
C8B0
0x
C8B4
0x
C8B8
0x
C8BC
0x
C8C0
0x
C8C4
0x
C8C8
0x
C8CC
0x
C8D0
0x
C8D4
0x
C8D8
0x
C8DC
0x
C8E0
0x
C8E4
0x
C8E8
0x
C8EC
0x
C8F0
0x
C8F4
0x
C8F8
0x
C8FC
0x
C900
0x
C904
0x
C908
0x
C90C
0x
C910
0x
C914
0x
C918
0x
C91C
0x
C920
0x
C924
0x
C928
0x
C92C
0x
C930
0x
C934
0x
C938
0x
C93C
0x
C940
0x
C944
0x
C948
0x
C94C
0x
C950
0x
C954
0x
C958
0x
C95C
0x
C960
0x
C964
0x
C968
0x
C96C
0x
C970
0x
C974
0x
C978
0x
C97C
0x
C980
0x
C984
0x
C988
0x
C98C
0x
C990
0x
C994
0x
C998
0x
C99C
0x
C9A0
0x
C9A4
0x
C9A8
0x
C9AC
0x
C9B0
0x
C9B4
0x
C9B8
0x
C9BC
0x
C9C0
0x
C9C4
0x
C9C8
0x
C9CC
0x
C9D0
0x
C9D4
0x
C9D8
0x
C9DC
0x
C9E0
0x
C9E4
0x
C9E8
0x
C9EC
0x
C9F0
0x
C9F4
0x
C9F8
0x
C9FC
0x
CA00
0x
CA04
0x
CA08
0x
CA0C
0x
CA10
0x
CA14
0x
CA18
0x
CA1C
0x
CA20
0x
CA24
0x
CA28
0x
CA2C
0x
CA30
0x
CA34
0x
CA38
0x
CA3C
0x
CA40
0x
CA44
0x
CA48
0x
CA4C
0x
CA50
0x
CA54
0x
CA58
0x
CA5C
0x
CA60
0x
CA64
0x
CA68
0x
CA6C
0x
CA70
0x
CA74
0x
CA78
0x
CA7C
0x
CA80
0x
CA84
0x
CA88
0x
CA8C
0x
CA90
0x
CA94
0x
CA98
0x
CA9C
0x
CAA0
0x
CAA4
0x
CAA8
0x
CAAC
0x
CAB0
0x
CAB4
0x
CAB8
0x
CABC
0x
CAC0
0x
CAC4
0x
CAC8
0x
CACC
0x
CAD0
0x
CAD4
0x
CAD8
0x
CADC
0x
CAE0
0x
CAE4
0x
CAE8
0x
CAEC
0x
CAF0
0x
CAF4
0x
CAF8
0x
CAFC
0x
CB00
0x
CB04
0x
CB08
0x
CB0C
0x
CB10
0x
CB14
0x
CB18
0x
CB1C
0x
CB20
0x
CB24
0x
CB28
0x
CB2C
0x
CB30
0x
CB34
0x
CB38
0x
CB3C
0x
CB40
0x
CB44
0x
CB48
0x
CB4C
0x
CB50
0x
CB54
0x
CB58
0x
CB5C
0x
CB60
0x
CB64
0x
CB68
0x
CB6C
0x
CB70
0x
CB74
0x
CB78
0x
CB7C
0x
CB80
0x
CB84
0x
CB88
0x
CB8C
0x
CB90
0x
CB94
0x
CB98
0x
CB9C
0x
CBA0
0x
CBA4
0x
CBA8
0x
CBAC
0x
CBB0
0x
CBB4
0x
CBB8
0x
CBBC
0x
CBC0
0x
CBC4
0x
CBC8
0x
CBCC
0x
CBD0
0x
CBD4
0x
CBD8
0x
CBDC
0x
CBE0
0x
CBE4
0x
CBE8
0x
CBEC
0x
CBF0
0x
CBF4
0x
CBF8
0x
CBFC
0x
7998
0x
CC04
0x
CC08
0x
CC0C
0x
CC10
0x
CC14
0x
CC18
0x
CC1C
0x
CC20
0x
CC24
0x
CC28
0x
CC2C
0x
CC30
0x
CC34
0x
CC38
0x
CC3C
0x
CC40
0x
CC44
0x
CC48
0x
CC4C
0x
CC50
0x
CC54
0x
CC58
0x
CC5C
0x
CC60
0x
CC64
0x
CC68
0x
CC6C
0x
CC70
0x
CC74
0x
CC78
0x
CC7C
0x
CC80
0x
CC84
0x
CC88
0x
CC8C
0x
CC90
0x
CC94
0x
CC98
0x
CC9C
0x
CCA0
0x
CCA4
0x
CCA8
0x
CCAC
0x
CCB0
0x
CCB4
0x
CCB8
0x
CCBC
0x
CCC0
0x
CCC4
0x
CCC8
0x
CCCC
0x
CCD0
0x
CCD4
0x
CCD8
0x
CCDC
0x
CCE0
0x
CCE4
0x
CCE8
0x
CCEC
0x
CCF0
0x
CCF4
0x
CCF8
0x
CCFC
0x
CD00
0x
CD04
0x
CD08
0x
CD0C
0x
CD10
0x
CD14
0x
CD18
0x
CD1C
0x
CD20
0x
CD24
0x
CD28
0x
CD2C
0x
CD30
0x
CD34
0x
CD38
0x
CD3C
0x
CD40
0x
CD44
0x
CD48
0x
CD4C
0x
CD50
0x
CD54
0x
CD58
0x
CD5C
0x
CD60
0x
CD64
0x
CD68
0x
CD6C
0x
CD70
0x
CD74
0x
CD78
0x
CD7C
0x
CD80
0x
CD84
0x
CD88
0x
CD8C
0x
CD90
0x
CD94
0x
CD98
0x
CD9C
0x
CDA0
0x
CDA4
0x
CDA8
0x
CDAC
0x
CDB0
0x
CDB4
0x
CDB8
0x
CDBC
0x
CDC0
0x
CDC4
0x
CDC8
0x
CDCC
0x
CDD0
0x
CDD4
0x
CDD8
0x
CDDC
0x
CDE0
0x
CDE4
0x
CDE8
0x
CDEC
0x
CDF0
0x
CDF4
0x
CDF8
0x
CDFC
0x
CE00
0x
CE04
0x
CE08
0x
CE0C
0x
CE10
0x
CE14
0x
CE18
0x
CE1C
0x
CE20
0x
CE24
0x
CE28
0x
CE2C
0x
CE30
0x
CE34
0x
CE38
0x
CE3C
0x
CE40
0x
CE44
0x
CE48
0x
CE4C
0x
CE50
0x
CE54
0x
CE58
0x
CE5C
0x
CE60
0x
CE64
0x
CE68
0x
CE6C
0x
CE70
0x
CE74
0x
CE78
0x
CE7C
0x
CE80
0x
CE84
0x
CE88
0x
CE8C
0x
CE90
0x
CE94
0x
CE98
0x
CE9C
0x
CEA0
0x
CEA4
0x
CEA8
0x
CEAC
0x
CEB0
0x
CEB4
0x
CEB8
0x
CEBC
0x
CEC0
0x
CEC4
0x
CEC8
0x
CECC
0x
CED0
0x
CED4
0x
CED8
0x
CEDC
0x
CEE0
0x
CEE4
0x
CEE8
0x
CEEC
0x
CEF0
0x
CEF4
0x
CEF8
0x
CEFC
0x
CF00
0x
CF04
0x
CF08
0x
CF0C
0x
CF10
0x
CF14
0x
CF18
0x
CF1C
0x
CF20
0x
CF24
0x
CF28
0x
CF2C
0x
CF30
0x
CF34
0x
CF38
0x
CF3C
0x
CF40
0x
CF44
0x
CF48
0x
CF4C
0x
CF50
0x
CF54
0x
CF58
0x
CF5C
0x
CF60
0x
CF64
0x
CF68
0x
CF6C
0x
CF70
0x
CF74
0x
CF78
0x
CF7C
0x
CF80
0x
CF84
0x
CF88
0x
CF8C
0x
CF90
0x
CF94
0x
CF98
0x
CF9C
0x
CFA0
0x
CFA4
0x
CFA8
0x
CFAC
0x
CFB0
0x
CFB4
0x
CFB8
0x
CFBC
0x
CFC0
0x
CFC4
0x
CFC8
0x
CFCC
0x
CFD0
0x
CFD4
0x
CFD8
0x
CFDC
0x
CFE0
0x
CFE4
0x
CFE8
0x
CFEC
0x
CFF0
0x
CFF4
0x
CFF8
0x
CFFC
0x
D004
0x
D008
0x
D00C
0x
D010
0x
D014
0x
D018
0x
D01C
0x
D020
0x
D024
0x
D028
0x
D02C
0x
D030
0x
D034
0x
D038
0x
D03C
0x
D040
0x
D044
0x
D048
0x
D04C
0x
D050
0x
D054
0x
D058
0x
D05C
0x
D060
0x
D064
0x
D068
0x
D06C
0x
D070
0x
D074
0x
D078
0x
D07C
0x
D080
0x
D084
0x
D088
0x
D08C
0x
D090
0x
D094
0x
D098
0x
D09C
0x
D0A0
0x
D0A4
0x
D0A8
0x
D0AC
0x
D0B0
0x
D0B4
0x
D0B8
0x
D0BC
0x
D0C0
0x
D0C4
0x
D0C8
0x
D0CC
0x
D0D0
0x
D0D4
0x
D0D8
0x
D0DC
0x
D0E0
0x
D0E8
0x
D0EC
0x
D0F0
0x
D0F4
0x
D0F8
0x
D0FC
0x
D100
0x
D104
0x
D108
0x
D10C
0x
D110
0x
D114
0x
D118
0x
D11C
0x
D120
0x
D124
0x
D128
0x
D12C
0x
D130
0x
D134
0x
D138
0x
D13C
0x
D140
0x
D144
0x
D148
0x
D14C
0x
D150
0x
D154
0x
D158
0x
D15C
0x
D160
0x
D164
0x
D168
0x
D16C
0x
D170
0x
D174
0x
D178
0x
D17C
0x
D180
0x
D184
0x
D188
0x
D18C
0x
D190
0x
D194
0x
D198
0x
D19C
0x
D1A0
0x
D1A4
0x
D1A8
0x
D1AC
0x
D1B0
0x
D1B4
0x
D1B8
0x
D1BC
0x
D1C0
0x
D1C4
0x
D1C8
0x
D1CC
0x
D1D0
0x
D1D4
0x
D1D8
0x
D1DC
0x
D1E0
0x
D1E4
0x
D1E8
0x
D1EC
0x
D1F0
0x
D1F4
0x
D1F8
0x
D1FC
0x
D200
0x
D204
0x
D208
0x
D20C
0x
D210
0x
D214
0x
D218
0x
D21C
0x
D220
0x
D224
0x
D228
0x
D22C
0x
D230
0x
D234
0x
D238
0x
D23C
0x
D240
0x
D244
0x
D248
0x
D24C
0x
D250
0x
D254
0x
D258
0x
D25C
0x
D260
0x
D264
0x
D268
0x
D26C
0x
D270
0x
D274
0x
D278
0x
D27C
0x
D280
0x
D284
0x
D288
0x
D28C
0x
D290
0x
D294
0x
D298
0x
D29C
0x
D2A0
0x
D2A4
0x
D2A8
0x
D2AC
0x
D2B0
0x
D2B4
0x
D2B8
0x
D2BC
0x
D2C0
0x
D2C4
0x
D2C8
0x
D2CC
0x
D2D0
0x
D2D4
0x
D2D8
0x
D2DC
0x
D2E0
0x
D2E4
0x
D2E8
0x
D2EC
0x
D2F0
0x
D2F4
0x
D2F8
0x
D2FC
0x
D300
0x
D304
0x
D308
0x
D30C
0x
D310
0x
D314
0x
D318
0x
D31C
0x
D320
0x
D324
0x
D328
0x
D32C
0x
D330
0x
D334
0x
D338
0x
D33C
0x
D340
0x
D344
0x
D348
0x
D34C
0x
D350
0x
D354
0x
D358
0x
D35C
0x
D360
0x
D364
0x
D368
0x
D36C
0x
D370
0x
D374
0x
D378
0x
D37C
0x
D380
0x
D384
0x
D388
0x
D38C
0x
D390
0x
D394
0x
D398
0x
D39C
0x
D3A0
0x
D3A4
0x
D3A8
0x
D3AC
0x
D3B0
0x
D3B4
0x
D3B8
0x
D3BC
0x
D3C0
0x
D3C4
0x
D3C8
0x
D3CC
0x
D3D0
0x
D3D4
0x
D3D8
0x
D3DC
0x
D3E0
0x
D3E4
0x
D3E8
0x
D3EC
0x
D3F0
0x
D3F4
0x
D3F8
0x
D3FC
0x
D404
0x
D408
0x
D40C
0x
D410
0x
D414
0x
D418
0x
D41C
0x
D420
0x
D424
0x
D428
0x
D42C
0x
D430
0x
D434
0x
D438
0x
D43C
0x
D440
0x
D444
0x
D4A8
0x
D4AC
0x
D4B0
0x
D4B4
0x
D4B8
0x
D4BC
0x
D4C0
0x
D4C4
0x
D4C8
0x
D4CC
0x
D4D0
0x
D4D4
0x
D4E0
0x
D4E4
0x
D4E8
0x
D4EC
0x
D4F0
0x
D4F4
0x
D4F8
0x
D4FC
0x
D500
0x
D504
0x
D508
0x
D50C
0x
D510
0x
D514
0x
D518
0x
D51C
0x
D520
0x
D524
0x
D528
0x
D52C
0x
D530
0x
D534
0x
D538
0x
D53C
0x
D540
0x
D544
0x
D548
0x
D54C
0x
D550
0x
D554
0x
D558
0x
D55C
0x
D560
0x
D564
0x
D568
0x
D56C
0x
D570
0x
D574
0x
D578
0x
D57C
0x
D580
0x
D584
0x
D588
0x
D58C
0x
D590
0x
D594
0x
D5A4
0x
D5A8
0x
D5AC
0x
D5B0
0x
D5B4
0x
D5B8
0x
D5BC
0x
D5C0
0x
D5C4
0x
D5C8
0x
D5CC
0x
D5D0
0x
D5D4
0x
D5D8
0x
D5DC
0x
D5E0
0x
D5E4
0x
D5E8
0x
D5EC
0x
D5F0
0x
D5F4
0x
D5F8
0x
D5FC
0x
D600
0x
D604
0x
D608
0x
D60C
0x
D610
0x
D614
0x
D618
0x
D61C
0x
D620
0x
D624
0x
D628
0x
D62C
0x
D630
0x
D634
0x
D638
0x
D63C
0x
D640
0x
D644
0x
D648
0x
D64C
0x
D650
0x
D654
0x
D658
0x
D65C
0x
D660
0x
D664
0x
D668
0x
D66C
0x
D670
0x
D674
0x
D678
0x
D67C
0x
D680
0x
D684
0x
D688
0x
D68C
0x
D690
0x
D694
0x
D698
0x
D69C
0x
D6A0
0x
D6A4
0x
D6A8
0x
D6AC
0x
D6B0
0x
D6B4
0x
D6B8
0x
D6BC
0x
D6C0
0x
D6C4
0x
D6C8
0x
D6CC
0x
D6D0
0x
D6D4
0x
D6D8
0x
D6DC
0x
D6E0
0x
D6E4
0x
D6E8
0x
D6EC
0x
D6F0
0x
D6F4
0x
D6F8
0x
D6FC
0x
D700
0x
D704
0x
D708
0x
D70C
0x
D710
0x
D714
0x
D718
0x
D71C
0x
D720
0x
D724
0x
D728
0x
D72C
0x
D730
0x
D734
0x
D738
0x
D73C
0x
D740
0x
D744
0x
D748
0x
D74C
0x
D750
0x
D754
0x
D758
0x
D75C
0x
D760
0x
D764
0x
D768
0x
D76C
0x
D770
0x
D774
0x
D778
0x
D77C
0x
D780
0x
D784
0x
D788
0x
D78C
0x
D790
0x
D794
0x
D798
0x
D79C
0x
D7A0
0x
D7A4
0x
D7A8
0x
D7AC
0x
D7B0
0x
D7B4
0x
D7B8
0x
D7BC
0x
D7C0
0x
D7C4
0x
D7C8
0x
D7CC
0x
D7D0
0x
D7D4
0x
D7D8
0x
D7DC
0x
D7E0
0x
D7E4
0x
D7E8
0x
D7EC
0x
D7F0
0x
D7F4
0x
D7F8
0x
D7FC
0x
D464
0x
D45C
0x
C4F0
0x
C398
0x
D494
0x
D4A4
0x
D490
0x
D44C
0x
D474
0x
D488
0x
D478
0x
D448
0x
D480
0x
D468
0x
D458
0x
D49C
0x
D4A0
0x
D454
0x
D470
0x
D498
0x
D48C
0x
D47C
0x
D450
0x
D484
0x
D46C
0x
593C
0x
D460
0x
D804
0x
D808
0x
D80C
0x
D810
0x
D814
0x
D818
0x
D81C
0x
D820
0x
D824
0x
D828
0x
D82C
0x
D830
0x
D834
0x
D838
0x
D83C
0x
D840
0x
D844
0x
D848
0x
D84C
0x
D850
0x
D854
0x
D858
0x
D85C
0x
D860
0x
D864
0x
D868
0x
D86C
0x
D870
0x
D874
0x
D878
0x
D87C
0x
D880
0x
D884
0x
D888
0x
D88C
0x
D890
0x
D894
0x
D898
0x
D89C
0x
D8A0
0x
D8A4
0x
D8A8
0x
D8AC
0x
D8B0
0x
D8B4
0x
D8B8
0x
D8BC
0x
D8C0
0x
D8C4
0x
D8C8
0x
D8CC
0x
D8D0
0x
D8D4
0x
D8D8
0x
D8DC
0x
D8E0
0x
D8E4
0x
D8E8
0x
D8EC
0x
D8F0
0x
D8F4
0x
D8F8
0x
D8FC
0x
D900
0x
D904
0x
D908
0x
D90C
0x
D910
0x
D914
0x
D918
0x
D91C
0x
D920
0x
D924
0x
D928
0x
D92C
0x
D930
0x
D934
0x
D938
0x
D93C
0x
D940
0x
D944
0x
D948
0x
D94C
0x
D950
0x
D954
0x
D958
0x
D95C
0x
D960
0x
D964
0x
D968
0x
D96C
0x
D970
0x
D974
0x
D978
0x
D97C
0x
D980
0x
D984
0x
D988
0x
D98C
0x
D990
0x
D994
0x
D998
0x
D99C
0x
D9A0
0x
D9A4
0x
D9A8
0x
D9AC
0x
D9B0
0x
D9B4
0x
D9B8
0x
D9BC
0x
D9C0
0x
D9C4
0x
D9C8
0x
D9CC
0x
D9D0
0x
D9D4
0x
D9D8
0x
D9DC
0x
D9E0
0x
D9E4
0x
D9E8
0x
D9F0
0x
D9F4
0x
D9F8
0x
D9FC
0x
DA00
0x
DA04
0x
DA08
0x
DA0C
0x
DA10
0x
DA14
0x
DA18
0x
DA1C
0x
DA20
0x
DA24
0x
DA28
0x
DA2C
0x
DA30
0x
DA34
0x
DA38
0x
DA3C
0x
DA40
0x
DA44
0x
DA48
0x
DA4C
0x
DA50
0x
DA54
0x
DA58
0x
DA5C
0x
DA60
0x
DA64
0x
DA68
0x
DA6C
0x
DA70
0x
DA74
0x
DA78
0x
DA7C
0x
DA80
0x
DA84
0x
DA88
0x
DA8C
0x
DA90
0x
DA94
0x
DA98
0x
DA9C
0x
DAA0
0x
DAA4
0x
DAA8
0x
DAAC
0x
DAB0
0x
DAB4
0x
DAB8
0x
DABC
0x
DAC0
0x
DAC4
0x
DAC8
0x
DACC
0x
DAD0
0x
DAD4
0x
DAD8
0x
DADC
0x
DAE0
0x
DAE4
0x
DAE8
0x
DAEC
0x
DAF0
0x
DAF4
0x
DAF8
0x
DAFC
0x
DB00
0x
DB2C
0x
DB30
0x
DB34
0x
DB38
0x
DB3C
0x
DB40
0x
DB58
0x
DB5C
0x
DB60
0x
DB64
0x
DB68
0x
DB6C
0x
DB70
0x
DB74
0x
DB78
0x
DB7C
0x
DB80
0x
DB84
0x
DB88
0x
DB8C
0x
DB90
0x
DB94
0x
DB98
0x
DB9C
0x
DBA0
0x
DBA4
0x
DBA8
0x
DBAC
0x
DBB0
0x
DBB4
0x
DBB8
0x
DBBC
0x
DBC0
0x
DBC4
0x
DBC8
0x
DBCC
0x
DBD0
0x
DBD4
0x
DBD8
0x
DBDC
0x
DBE0
0x
DBE4
0x
DBE8
0x
DBEC
0x
DBF0
0x
DBF4
0x
DBF8
0x
DBFC
0x
8E48
0x
DC04
0x
DC08
0x
DC0C
0x
DC10
0x
DC14
0x
DC18
0x
DC1C
0x
DC20
0x
DC24
0x
DC28
0x
DC2C
0x
DC30
0x
DC34
0x
DC38
0x
DC3C
0x
DC40
0x
DC44
0x
DC48
0x
DC4C
0x
DC50
0x
DC54
0x
DC58
0x
DC5C
0x
DC60
0x
DC64
0x
DC80
0x
DC84
0x
DC88
0x
DC8C
0x
DC90
0x
DC94
0x
DC98
0x
DC9C
0x
DCA0
0x
DCA4
0x
DCA8
0x
DCAC
0x
DCB0
0x
DCB4
0x
DCB8
0x
DCBC
0x
DCE8
0x
DCEC
0x
DCF0
0x
DCF4
0x
DCF8
0x
DCFC
0x
DD00
0x
DD08
0x
DD0C
0x
DD10
0x
DD14
0x
DD18
0x
DD1C
0x
DD24
0x
DD28
0x
DD2C
0x
DD30
0x
DD34
0x
DD38
0x
DD3C
0x
DD40
0x
DD44
0x
DD48
0x
DD54
0x
DD58
0x
DD5C
0x
DD60
0x
DD64
0x
DD68
0x
DD6C
0x
DD88
0x
DD8C
0x
DD90
0x
DD94
0x
DD98
0x
DD9C
0x
DDA0
0x
DDAC
0x
DDB0
0x
DDB4
0x
DDB8
0x
DDBC
0x
DDC0
0x
DDC4
0x
DDC8
0x
DDCC
0x
DDD0
0x
DDD4
0x
DE00
0x
DE04
0x
DE08
0x
DE0C
0x
DE10
0x
DE14
0x
DE20
0x
DE24
0x
DE28
0x
DE2C
0x
DE30
0x
DE34
0x
DE38
0x
DE3C
0x
DE40
0x
DE44
0x
DE48
0x
DE4C
0x
DE58
0x
DE5C
0x
DE60
0x
DE64
0x
DE68
0x
DE6C
0x
DE70
0x
DE74
0x
DE78
0x
DE7C
0x
DE80
0x
DE84
0x
DE88
0x
DE8C
0x
DE90
0x
DE94
0x
DE98
0x
DE9C
0x
DEA0
0x
DEA4
0x
DEA8
0x
DEAC
0x
DEB0
0x
DEB4
0x
DEC4
0x
DEC8
0x
DECC
0x
DED0
0x
DED4
0x
DED8
0x
DEDC
0x
DEE0
0x
DEE4
0x
DEE8
0x
DEEC
0x
DEF0
0x
DEF4
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.91 KB |
MD5:
af112af8655f620f9d0f57ae178b7712
SHA1: 4d93186b3dbab583a10e5b8422df888accdb8fcd SHA256: e35aa9215a63699e978b75526d6021025647e867e864e6259c13508d027959a1 SSDeep: 96:PltUHPetZi6q83TwZpLbVhivq/x9lVChicbwdbkSioO6Nl:PjUPVZOSZzVQbYbfA6Nl |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.72 KB |
MD5:
3aade65afbaaa2cc6e0a84ce7b6d7a3d
SHA1: d75dc62effc3d33fbe4960b3aa2a09c34d486925 SHA256: 44c045c43b9aafdb400cf88627b205310c84420df9f6ac182ccb7b76b4d96aa4 SSDeep: 1536:OS33p3T/v0X/0Qq0+7xTir5TPcKumi8d4B5mW/ErUHi9cK9h7J4asImU9KP:R5DvK/1+7xuZomis6EQErUHi91hJ4zrh |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
5ebd4a974ac11fac7295cee6a1a89249
SHA1: b7a701b93ec0ae2a4cf5e0f94871a85300e3d53f SHA256: 7b5a248ed30fa151634c877f815d6c6b91ed6928eec3ac5b8fd63bded2ca3285 SSDeep: 49152:cQbsQs12G65EDZYV0m507DUVn4l5zicvOUw9j3xRe2PKpA:hbrs12G9k0/D2n4TbvOUqe2iS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | 0.64 KB |
MD5:
73ea6c6c788354c9836f137bdb7ed9e3
SHA1: a1b5498e4a46a64febc66df06436095abf0a5046 SHA256: 364ff2682cc94fa6d5b7ddc19538f36bfe8c08fb1f7539579f0da427043887b1 SSDeep: 12:IRI3xPNJOgz/LVJ0Id5LMYj99Y95HYdIAnAczxU+6j:5W4JVdxx9Y/aHxzGj |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
88cc29919734d2acd224b62e1a70e33f
SHA1: a9b4c4621beef8f784202f1c480739f57ab64d8e SHA256: d35b1d83a617352096ef3e528a34f186d1cc5d874904cd226d5c581f15bdde95 SSDeep: 196608:Y6YwrI+y961Vg3Evra/MYK3fHPBfE3gBqjY48IQG9up5iGbNOuCNggf:Y6VrIn9Z3Ej4ofvNE3gBaUID9upM+Iue |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK | 588.33 KB |
MD5:
7eeeef0fbbf6620fa9eb51a022b536aa
SHA1: 6764fc062baa2924c71ef5786ae7c34abf8a8e87 SHA256: 91d38850c1065e19515d6108a184fa7936e733860c86f95a300fde26f280a62d SSDeep: 12288:og3nNE4RtVyw7d1LubXWQBhNO82XhgvvthcQu2Rm95h:oona4Rqw7vuVwgHthcQuGmd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK | 5.55 KB |
MD5:
881ae20b4e69ccf608aef756c7e281e7
SHA1: 86141bc83af780e897b00846905f89ce36737107 SHA256: 6f9e3e329e7ea878bddd7cdd0d8a36c0f8271628f389114fe144748fa1dbb56e SSDeep: 96:T3ubqP3sMBidgxNlzeDUvPxGI9mhgPrU9s37a4DGAdDEPX6VQ4Wz1Ps+xxdjL:Luk3sMUOx0cPxGSJPIqrlGAxSX6Vc1Uw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK | 2.64 KB |
MD5:
f67d933feb6b1862ddb63fd500dcdd1b
SHA1: b0afa5e185f03154a85b0cca7ce23d103a947b00 SHA256: 5796c9c9ac2a20e7e1b3fe1fa5a4c14a919cebe4f297f479bcfcbbe6988f94d9 SSDeep: 48:0qZDAxCn7oEl7W5UnEcrQf7Yuv/2f3R9J7exwmtvoBAi5/RL9KZxDhokEYiBnch:NZMxA7ocy5UEcrkYumfPJ7eir2i5/Fkz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK | 2.33 KB |
MD5:
85eebd1fe165883c0500a10df95aa487
SHA1: 7c18f159ec82662e02687eed1a38f3adfcedfc6e SHA256: 0ea421e79de045d46c0740e05f0c884e97afbfa93cf493e8b499703f18faacf7 SSDeep: 48:E9yz43JucTixPXznTdfChxzYwslZjxjkwjZYcZocHrvx:Eo4kMGPjTdKhhY5tj/ZLJ |
|
|
| C:\RyukReadMe.html | 0.61 KB |
MD5:
b193dfda39d19928ccd7b78cbd78ce18
SHA1: 69f26c8e8eea61433de9fe892dd6201c4d993af8 SHA256: 97e84fd5d5695c998662d0c9d3aa45d785063ddeb35858f19c012c3732734ecd SSDeep: 12:kJlzq+jG2/d2/MbHeIH/GJHbr+OsKXUM:kJllGmdmqHzbM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK | 0.46 KB |
MD5:
3be2286b94ff41857b1caf4ce4a96d1c
SHA1: 9d2707d2051fbfbdd5dfa3d7d50e15cd6b0d1ae1 SHA256: 2f3a70a87e93b4e35b42722ac96633d410c0fb4d3606c2a803a97e977490ad19 SSDeep: 12:tlSsXGBDKpZJoB4lwiduAd2Q0qDXl5prZrh3QDKzuIVn:tgsaDK7583Q065FJh3IPY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK | 2.63 KB |
MD5:
d89ca72936ddde3964562ed50acefa8b
SHA1: e6bd4a43b24ed9e8dafa3b3e46db4d4959b45a0b SHA256: 29ba71439b47ed811114b508d4401bb8b8554a29eca7a58bdce937f54e9e6fe6 SSDeep: 48:0vvex7glx8Eu9QhC0VbTMpK0f+pHRqQlxrYlc/+8j5CmsHxH1XrNyy/32Sy:Iex7gn8EzhCed02pHDt5tsvXRHPq |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK | 2.42 KB |
MD5:
9993371487a08ff66559529f5f3be4fa
SHA1: b8e1013bee6eeb5b55382d8e359ccbc202d701fc SHA256: cbac5309b202f17dc79846a6a17d34c5abdc60ceac32d1d06dc3c4fd2212104b SSDeep: 48:B7fil85+le7ALbeuaNPMkqHqqr6tl6DeVA6CoVYuSikL:5NMzbe3Ukitr6mq269CuTU |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\UpdateCspStore.xml.RYK | 0.30 KB |
MD5:
5104e712c7dad1d97bc7ffb7c88f05a3
SHA1: 7a194811bc1c0e37701ac3409ea269aa89df905e SHA256: f725904920779e2cc3a7034bedcda04db609b7614882e5583ff68fe2fd7c7876 SSDeep: 6:iOG1IiwItFT3EX1qr9X1zY2Lt/Nc1p1SClACI7DcU+o:etFO1qhX2qQp1SHH/+o |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.003.etl.RYK | 8.28 KB |
MD5:
eae688cafa7b97d6fb9c53eac351c069
SHA1: 91391ef1e1727b16e07ebe79198a10d6c78abb9c SHA256: 09da1d88539c7808331fff5f610c9a7cf43ac77077bc50caee01eb27b28e396b SSDeep: 192:k6SG0uDxFWDVESxrHIGtI5FHfWtnp3/yYSGBA8QhZlM030WbZ+v:nGVE0HIGjpv1jSWAsv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK | 1.42 KB |
MD5:
9b788c3d008bb3995b17279102a9e92c
SHA1: a39249b1f06ea1b47369a5673fbe0c8c529cdb1e SHA256: 5dffb28acce446acdb63aad0c789baf359794cb61d247c2a4f3ceadaf8e90206 SSDeep: 24:g5X7iwf6ft+SH9/YLBHbqxCbDjM81Fx6EPkAk0/8hTIGs1E9sN2+2Rx2GM+f:g5XGwfe3YLBHugbDAiHJCAIvFTM+f |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows 10 Update Assistant.lnk.RYK | 1.00 KB |
MD5:
45820a03b7780f4095abfdc262e04fa4
SHA1: 407171020bb40a5008af13c592d2e4066972d68b SHA256: 0727f2f5cd6a391d4a405929feef38f50e21c3c8ba2ba70ee19b5dcd34ed258e SSDeep: 24:NSxgWhvi3nVr/zXGTPLJC0lIeb6fHNjg/RNkzrVDr1n8du:NygooVr/zWDlC0ao0Auxn8du |
|
|
| c:\programdata\microsoft\crypto\rsa\machinekeys\08e575673cce10c72090304839888e02_33d770d0-06bc-47c5-8714-222cdac43a71 | 0.05 KB |
MD5:
93a5aadeec082ffc1bca5aa27af70f52
SHA1: 47a92aee3ea4d1c1954ed4da9f86dd79d9277d31 SHA256: a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294 SSDeep: 3:/lE7L6N:+L6N |
|
|
| C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | 0.31 KB |
MD5:
2116e99313f9496ceeef8dd58081bd75
SHA1: a22e0639b92da1f87d98aac6cae41d41733832ba SHA256: 9d59c55dd49e2302861884b943d1783a325c3ac41a64514069b317d7a3e2ec41 SSDeep: 6:GR5dPJy4U2tLW7BEorVG0alddBQ0mzL1xBke3HC4CX61i42aMokeiA6I7v23b5:svy3+CEaalzB5mFiZ7wX7+r5 |
|
|
| C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | 6.14 KB |
MD5:
d0f41af349daf199ed94877b145ad357
SHA1: d1d42ac0240e43ab95948e59708a8a691dbb3c38 SHA256: 7a7fce53d62b788e55869763b0c57baafca9f96b24201dec4e2f445949a2eaf6 SSDeep: 96:sLmpPXf6i9IOEXiSsiseTQ+UaKL93rAJVSjjiQ3N2QN4+J9EhQ7KucASEXzy/:wmpPSAIOESSsjr2wr4M4+YQm8SQzy/ |
|
|
| C:\$GetCurrent\SafeOS\SetupComplete.cmd | 0.58 KB |
MD5:
74c03d0c436fb9dcb23158ed0878eb71
SHA1: 6f00e68fa0669c0d592bcd53e8c14cdee1835f05 SHA256: 53af36ab43728a5306ad8076bed7826e4e837d8362d950fbf939d70b391008e8 SSDeep: 12:gcm/1yCR0k/zosQVBlGU/ENW9acocQampaxoN5:X+DALT/39al8md |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.66 KB |
MD5:
85c1ce5c4522f8b90f72684e71b4073e
SHA1: 4f06f5029b91f3b790617a1de0cb1f29ea669152 SHA256: b6eb532a0dd23bbadc16ee927ade9535074d9ceb8e00ba0e1c35b3a2d7334a1c SSDeep: 96:olldhoazzDLxeG4kZj3uxPCAvAkauMIuKzipl1742bBYk2s0YcV7Sk9NZUngsDs6:W9xeGnZj3U9awsv58ZpNigsD0dzq2m |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.75 KB |
MD5:
2940910b9aa777d992d619f84c8c21b8
SHA1: 8dad4ab142f6148064531c89887a0382cb55e85f SHA256: 12a083199e866a57796b9768ea534f1232f832bf05ac03d155e240b4bd8c34e2 SSDeep: 1536:H/izbFwYNEcDH6/8Q0G3fncEhriIq2g0qrwS3wKuElyUHW1:H/OFhTDH6kQv3PfeX20rwYeElyx1 |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.44 KB |
MD5:
34837bf84407104f37ad315d14c9bec5
SHA1: 73b5504332f19fe6320b6e039ba5e6e39828a190 SHA256: 7d2d8a0f274de28b53905a85b1a77278449d8f9e8b4541f6f5766ee744b1fcbb SSDeep: 96:mNiogmBNuXbbTYKN5Un+h63sWY7dTZRiaGEgAN3xOPNdsmQiPdW5I7GKGaVB4nKd:msjhN5WzkNgPz6iFWSVGxnKlq3ij |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.35 KB |
MD5:
8047eb42653ed6763afdeb0b85f6b817
SHA1: 1ac71b0ef04820d2552b57c8f1e13a61de6925ac SHA256: 734e198e1fed3e8a7e99105f362241525f5651ab86c90fb99617a1969b2dc3a2 SSDeep: 1536:iw0kz7nKwMw+xUKBpeJ0PaddmRS/ZTi699D1gZTBbWeL+46t/fYp1+OjaX9I:sYKzWUpM0Padm0H951HeiBt/fY6gB |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.53 KB |
MD5:
d99a1072fb03db61db61c04e40dd1796
SHA1: c6491075891e90e7aab064d5766971ca05ee829a SHA256: a2eddf758dd0cb09119e735312f901b94155bb4feb0da1d0c42e3c701f3af3b1 SSDeep: 1536:bde4Jo+3ybU+TvE0Ahez5CXhf9TAyoUimx2wmt9UNvQZ0InJ31wAzXsQ:Je4a+3yrTLye4p9ga2zANvQDnJ3eAzd |
|
|
| C:\$GetCurrent\SafeOS\preoobe.cmd | 0.35 KB |
MD5:
3294dba62ee6ea69b1d3422ee9fc9f58
SHA1: aaddda69e3f269135495dbeb4d083488afac95b2 SHA256: d3c9d96b8757f7b6c015b74735d3f65589e88e76d010aac07f5fac6b058ab0df SSDeep: 6:F2COVVUY6YAOSQwf7E4H30MAmMAbvY/rDyK/Diq3SQlgGKHF/OBLNZCWETz:Pw0DQwf7fXdP8/nZmq3SQncO9Ny |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.61 KB |
MD5:
d03919a2fb6aafa79968c5030700d682
SHA1: ec70ed268ec802c2211c922350508bf4d542cfc6 SHA256: 9f3032602a2c9388c3a4dc2fc43e6cfccf5a1683c67e6554789539b8a5cf3775 SSDeep: 96:6EcMdXEYUI/H9VBpaRPdUlqFdWxii6WRspMvFNhE/L2nFNR:6E1ERGTzSPdeqFYl6WPvFNhsynp |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.94 KB |
MD5:
40e3549528f2d8a87af5fb813cdffb83
SHA1: ed7e33bc3543fd6b60d7e85645f0840607109559 SHA256: a2efb0d1571aa7aae4e55cc09d210e995cf208b0e2d1acc13484fe8f152a9c68 SSDeep: 192:TnUru6WhAFRH22fpgYdZqvuE0U49LxWgihvrhBcllFL:4ru6WhARfpd9U4VxWgihNBclv |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.67 KB |
MD5:
2d5f7a655cd0273730ea909b71f23702
SHA1: 3b339af77d341d194ff71185afa31d3bd9a660ba SHA256: fdd3ec50f98295c765926315f98d861b693e7931e177b46e92e9420a0c837be8 SSDeep: 1536:2gF4iAH8ZRVLWoDe7zxyCgrmFjP244Rs1/UUYs3DPE:xFG8ZTZDeICiejPwRKcX4DPE |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 76.21 KB |
MD5:
c521c5d94cffd12996f8beb02a5a33fd
SHA1: a0796fea4b39dc7243a0ae4c763938781a8d5f88 SHA256: 0b0cb9f3963f30bc8664cda6aadc5e2b7e7024a30a3e8e3b6c0768b9ed984779 SSDeep: 1536:GFWeQkPbX4CHlDW3Z8AY2Al/K5xwhWCS0xQJQFFfgrxiPvMGFFRFuK:OWebr40Cp8vK5+WCSQHgrGFz |
|
|
| C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | 0.85 KB |
MD5:
decd162944b88c5d91db15ea57722f77
SHA1: c500e734f6c26cf66c8b677392d62e7c126937e6 SHA256: 4ee9db1a051361ff8bf130d909d629cea7f76fafd0438d771c0b1efb9ecfac68 SSDeep: 24:0IBqkm6vMlg4XdXZaCBmZbVpMQfVzSo9U:0Ig5l3LaXZxpMQf9SB |
|
|
| C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | 0.42 KB |
MD5:
4eb5c8c042672ec44a52411900ba70f6
SHA1: 2b1651f4d8c22b11af7c496a3a1f255581999b7b SHA256: 367837d139364b25f414cb984f4214fc0112af01479d44f20eef66d0ea2bc26c SSDeep: 12:4z54ZshmN3hoe9XF9vBZvpgAGip3AAH4XriUNfgnMsZzR:w4Ba0XF7FpDwO4bi8fvsZzR |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.72 KB |
MD5:
edc3cff42afac2a495b8651e18b2d53e
SHA1: ca2637e1815fea9240ee777032e7637cb3662ce3 SHA256: c9d2024deaa72cd54e4c849352079b002618bf07f5cd0a4e025227d9a7f27dbf SSDeep: 96:qxm7JIuE22gl4F5MVq2+kfYt4qMQNvsuaKK4jK+HWTO3L+4a:aXQlPq2+/MQNKqFWi3L+4a |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.39 KB |
MD5:
6a4fdf77bd87fa2347afc7b52651d697
SHA1: f2d4dc07647c06d10f9101a5a33dfe1e4f8a44a7 SHA256: 55335277b8a0c40df43824ee2d868a9ee71d1623c6608ea109d968f991097056 SSDeep: 96:Ncvb27oUvRbs/MdtqOJnLIwMe4pMIfPnUQluW:Ncvi7oapXtlLIwK2In+W |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.69 KB |
MD5:
8413bbb00b2099725b8d7d3f60757534
SHA1: c9416cc04f5719571827b11b41d4a86456c6d249 SHA256: 723ef27b0ba9051a9df98da6f101b689ced424494a29bb534feb286ed6bf0613 SSDeep: 1536:lsAUBO+RNYcsJFg30cWtk80z3av1p0Dmy7dIYGwu2NOc2UMHsVLKyDwb:lbN8NYcsgxW4zEX0Dt5IYGBS32UMHauR |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.52 KB |
MD5:
e4a26223214bb90db837923a0299c3f5
SHA1: ae6cf3a8f56f3e7ba0ab092254a34428df831742 SHA256: f866b5cce6fbbb24ab9aa8c70f3a28e240f579c8bb702bc1d1272c5c3f09e575 SSDeep: 96:KxRGWe938ph91BtnvubUQKso3p5HGyrA8u:MRPl1f0Kso3p5ls8u |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 10.16 KB |
MD5:
4ecb5cde9d4fce620e3e87105fc8fa17
SHA1: 905d4447b6d6c8102b6d24657b36f7250946acce SHA256: 5377325923ffff535282d2fabbead4897fa683ada11fc61a7663bbc62418b166 SSDeep: 192:1gRjurO/0F4lXVZcgew4sMQFaNqmZangR1zyRqCSGrRCWagvcQTVvw:mX/0aT61qmanadE8xg0Kvw |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.88 KB |
MD5:
b38cc6bd5197a8fe62872e10c5e934d5
SHA1: 056839c5706cfcdc1d14252db55443873533dd8c SHA256: da036775a38909e3ca0730710777b032570fe6c16920c28293d7941bf537e275 SSDeep: 96:OWzShGTvHJ6Kv95XErrM65Uh0yboaxTOMLnsvTjl:OpmxvzgrPUhx/Lcnl |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.66 KB |
MD5:
cc4c8545130a44d1f58103508132647b
SHA1: d92e9ebedb68cf3715ae4f8567c41bed069ba9e0 SHA256: 8def1fb2d715b472d1a750be754e5c2766bb8964ce241062399ed23222a90319 SSDeep: 384:oDFmrjjICUfMORqNZfebR7ZtHRGYPEzOehz:FNUfMORqNZfebR7Zp0eEzOeJ |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.46 KB |
MD5:
8f00ffbbcf6daf0b75208dae50905026
SHA1: 6cc642c4b3da4c8be04db1c20767b8feff2c974b SHA256: d4ae7693bef4f1e757fad3a9a8d3d5a0ab8eb1920bd03ff300731100cd5f95c4 SSDeep: 1536:YgQT/KnhFooQ1krBoqs5yuR7Rtt60sfmPzgLkjhcncE/jQ25HX:Yaoogkrx9I7RtttsfmPzMkjhEckP53 |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.99 KB |
MD5:
f54fd83ecaf8201ec9a4f7236fd1b973
SHA1: 0a9167b20b6616b0d76891dfb52e3c8033a69de4 SHA256: 645c2cfbd848f4324d1cc166aa5655ef41328634a64d1ed4da11935daacaf2c4 SSDeep: 1536:Qw04z5GM2ZB4sVn3PX5EXmMFxjHU21kgapbHoctV+KyuhTbqvh:Qw3+vt3PXy2kjHgHdZAPwmZ |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.71 KB |
MD5:
e691f10b17acf6e98c7fb6495ae976d7
SHA1: 9231cf57839dd8902c507279e0dd19c393b5936d SHA256: 39f1b7185cf0241341027b8a4005d2430746b616f2dc6a9b4856d7e5e655bc42 SSDeep: 1536:tI8QUASmjS2BIirvDUkct/lim4fwVTzCd/C4m36yLG:t1ATjSYIYbqt/limgwV37bqyy |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 4.22 KB |
MD5:
8537474be535f8dd227d8ce040586a22
SHA1: c01a6761dc77fd62ef2fa2983c9602b5e7ca264c SHA256: 575ee81ae705a37f3036d2c1bdea2452a64c27bf41f0777f264cddd4e8ed9781 SSDeep: 96:zgyvgdk0wQ4yX4+XhoEdVEaLb4k5cxDrarpMbvq6:zrgdxo+KMEauNmrWbvP |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.97 KB |
MD5:
b00ba2b18caaf4aca4412b8b722de273
SHA1: e110907a534c1076a40572d14755e9dec839d3fe SHA256: 2aa36be14c7b473895c5dae3e6e3526c543dffa1c2159726422493c0d20f1c36 SSDeep: 192:K5IjnF/5m+GwmSpu7vVU0e3LzNoYkt1ly5:Ksq+GwmSE7e0edoYkt1lI |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.69 KB |
MD5:
2246dcb1441ae7b2440ea45311453edc
SHA1: faa4bd4e2c2293b42a562245cb666b98e5b14b6a SHA256: 46b54264428fba7cfe933bb619a2eb166f828e2b6de2d7cc92910c967d539046 SSDeep: 1536:5wXOeqaMJXdTt23PBIQ2WoLutYl6g62CsFv4c6lJObF9a0a+2lrs+GfzSQjkiQLN:5aMJXdTY3PBIbZLuil1N4cwJObWr+Mrj |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.42 KB |
MD5:
82cf96c92cf27a4b8abb8a090cb9391f
SHA1: fd1a8d668cfd407c7b082898c02ad5aae60c60b7 SHA256: 492b0a1151728e1943682cb8b7a85997d02d9a19249bcab62d0061e256288588 SSDeep: 96:P7pbDCU3OEkpc14g0Ijl9cDIzxoOZizqfnAdsmzlX/X3q85KJcRXfz:jpbDzv50WMEpZWYnMv5v522fz |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 78.05 KB |
MD5:
afab57efe7c455175a162ce1be352396
SHA1: f702a9f71951df1bced3fbda0d5f3040d991f381 SHA256: fcd3757843c8c302a7d17636e6708abfefae294f1759cb1d7a0690921d561963 SSDeep: 1536:iPzEzMjj8PvSwCP9FcW6Rxa2jy/rmIGHXVqK319ANnnNUq1sZrYHk+kpjZUdgNW/:i1jj8Pv9CP3cLz8JGHL656qOZrYMpNo/ |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.66 KB |
MD5:
da95ea1b4590df467277e3f4fe3bfb01
SHA1: 3cda9637d6d3507c1f93d8604ffa6839ea18b3e0 SHA256: 943980a31384cb0c579bdaeef45bb582c669a24f2cec7b8cd8a0977bd9bba278 SSDeep: 1536:BqUaCn+ZYnB3sjlGQcs0NeDMfrslZnVVBN6jk9dwu/wF77CjjKnlSXy:UUYqFs5HcsskMfrs/V3N4kzv/wB7CIl/ |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 79.13 KB |
MD5:
74018edda6a03ef5148fce4c0d519296
SHA1: c104b90da432b82a197c59d218b170150c01c75f SHA256: 0b32f8ef28d8587a966bfe3d5bd3b36342907ee001a6b2b6bca101952a79207a SSDeep: 1536:ZA9HMtLQLvN798r7NBoJd1TIhIyggoBy+6CRsykbYejoBZS3IsFhwNN:ZQKwvNB8tCJnkhIyPMkbYe0wfFm |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.72 KB |
MD5:
6aa17a3661ca97611bbaf0ccf487105f
SHA1: a986f02eb33ea686daf1ae6e746f5fc87d2c703c SHA256: 20c54e0e88ae08a7d55b5a770f350151fd18917f9acc6523c9e7487189fccc1f SSDeep: 1536:wGATRwRvn7OHXVAUhkik6AlOmZx0JdhmLneFmz3aZcX2t1sQ9yI1rIK2:ytg6AULk6n3JdhmSFmz3wcX2rsq/Y |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.91 KB |
MD5:
ddf84941736c6cbf68f9fd270f9afc2b
SHA1: d9ff67790b16e4b8f187917f5d52e52b1624e7f8 SHA256: dfedd82daead99ab1f3501433e2132858a9dc93ba58360d8b7018362edcfcbd4 SSDeep: 1536:XNLGstwIbVZV1EYtspcGKr9N51R2m/4O/Dhf/lUFp8ldDvRlSNDj3c:FG2rbVZViYr9b1R7/DhXlUFWdlluXc |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.49 KB |
MD5:
cd53f6da6f4890d50ec8269a95286747
SHA1: 055ee682bcf9f689f5917102f1b49dec9bcbc8f1 SHA256: b37378e929b85b2e8de3e35d0f29d70b461a79e92df9a769ee503e816ee0e649 SSDeep: 1536:IZzDm2zyGitFCdxOmYuv8bu+KgBupWRQrMkr5zSKV:ihuGiEB8bu+sQkl1V |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.30 KB |
MD5:
498b72c35c67e91317e4cff18a05b89d
SHA1: c6bc5a05b98c34a5a3a750f486bbc8b91df6786f SHA256: 07462f5c428b027bdb387dd159e87a7c838c5b963bf41e571b26b7a1dab5d76d SSDeep: 1536:0bQwldD9UyGL7RXxhtJMlQyuW9b0sRTZSXSYV5mxqMJiW6KeFshpP+:0bQwldZYFXxhtJAQuZZbSBK9J42Z+ |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.46 KB |
MD5:
a4bf538ca23c6394533555871c33f5ea
SHA1: b03742e3c26d440519e4ecc4efbb07c0b4076e6c SHA256: 1ff80407a8718291bee18ec3766c357492313dcc2d86a423c0cc2f500750409d SSDeep: 1536:hN/9hQmwPD2wu2QvPpK9YwE2lrIwjsWt+cZq0:HTQP/Ivo9YwEQx4WLq0 |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.85 KB |
MD5:
d413fa4d4cd09422d056bb685ec13f64
SHA1: 0e422a75c08f8d365e19928246158c68a0c7eb9f SHA256: f9d60591affee91b150fc0d70fa2c7f59c58949af8dfcd11f935d1d7e88c6f48 SSDeep: 1536:96VgNxvZZnv3wDpc887uN2OL/2moe9+KRtFPL+00sz18ozGdNBDu:96Yp3wma2OL+mhsGtJL/0slUNA |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 3.25 KB |
MD5:
69f3ec5fa656977a6afc118b53ff8968
SHA1: 27504e4e3648a19b76c80cba41505de15221a846 SHA256: 418a1bad50b53b8498576021abc7615c0e85f7eade81703deae4521525fbc317 SSDeep: 48:2sE4oqLLZSyJWZ9v5SG4Alf+asEU59EHHtDcAYWePr90YeNkAX6HkNPC+kM:LDLLJWZ9wA5s159EHNDsWieNaVM |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.74 KB |
MD5:
649a62d48e201e407a9ed28fade02278
SHA1: 81f5db70fb0339d93adb6fdb56e35ba8ae3dde62 SHA256: 1f500ce5642b32dcba32494e5801cd9ceb63a24c5bdf9927b991d740d757d433 SSDeep: 96:ZqoQAMXZa8qODiEhCUSalUJ8I7pDO5P2c4k6GBN2MXxZvf:ZqoQAMXZaDYCUSGyz7Z0j4k60Xxd |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.83 KB |
MD5:
ca852cdccbbc3bff7f18f2989211bd5e
SHA1: b8a6ea9c42ddfcbaa84f9c9884125f29c96fad85 SHA256: 6ba1868fa55d8f17a84087a8ee1dcb2c5404ee6e470e269a6a4e3373cb36048d SSDeep: 96:XWv1K1H2CRhMlrCWHL1PMONhIf7R2RFmg1fRsm:X8sHRorCWHLCONhucRF7xRsm |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.89 KB |
MD5:
4349f9e12a0f8040548d59ad0050bc9b
SHA1: dace8a4691cd9645376e3640f35f452ed3a956bb SHA256: 67d9391fda533b8da8ae36836446959abd66cd386f427dcdcad56bee73f817e8 SSDeep: 96:U3WN6Nb4aFHD2N8ghUcx+a+OsSvL4BlwL3Ips6l/KMZ8DM:U3WN6NsaFHD2NOc4a+Opz4wLI |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 4.05 KB |
MD5:
7d44722a802dcd81a4407a4e4e6435ae
SHA1: 2833cc12a957a77b75ea30f689e99a97129891e6 SHA256: c3fdd51572d572d5921c31cee21fec93e6d3591b439d677f94553e53fc797c5c SSDeep: 96:VaZERIOcuk84bDVgyQ+5JV4ghEGchRSl48egDBP8T:Ue4uk84bpD4UEGi4l48egDd8T |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 4.05 KB |
MD5:
8f08b16962b0a0a6538179976fca5924
SHA1: 9dbbecb74e0da534d2cf0785ff54d5b57e2483d4 SHA256: 3e345415302d619ff54bf146d61a0992f091f8bd682b72a367554240cdfea859 SSDeep: 96:29z9+Fl1QgGeCshIIhzZQtlCXNqSix5oN:29Bs1QglIIhet4XYSiH8 |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.30 KB |
MD5:
0dc925fcf3c249b806af73eb488c4c6d
SHA1: 39aad4238cbce99ddf0d0bbfc850953ef29db2d0 SHA256: 11101ffaf189c05faa6571cb0172b60fb6124013a77aedd47fcf55897721a7bb SSDeep: 1536:lguS3otWElqCBlsl7qRrXJ3OJ7ARRp2EmYJY+t2hrQzJgM44rX2OwdS:1ZflbE0hcELfarQz+4COws |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 76.14 KB |
MD5:
3d09c0769742a3c96697cbb9442f16fb
SHA1: 2109f95522feece25c7d16702435a575c37d7f18 SHA256: 0aed23bad0dd7b68115ee2c507d84d14d9aacbc85daae7ffc87b78ad30bbd790 SSDeep: 1536:cRoTQHFjt2GdGE9rrQgn51ngjlg4fm30VguxBUIC9IjHRA6Ttinz/OWdbq:cNv2GYE9rUYbEg4eEeE7RtTUzdq |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.53 KB |
MD5:
6e41be960e161774f17cfb7ba83ecf36
SHA1: b5cde5553e9dc91960390e8cb3d5a42839ffb5cb SHA256: 95bafe9a9232ed61a683c3216e7365212b71def0a928571b89bab231520bb0e3 SSDeep: 1536:ANq3zfNdkZrTBVGgGoz/QpAdJ35RyDnMhlF65LtZLFXcmSb49:ANGzfnkfB4IDb75gQWZMtM9 |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.97 KB |
MD5:
452a28e69eb464c914940c2076187c41
SHA1: ec7bb4126e2f817df2e23551326ae4d039bad80b SHA256: ba4e0d096cd6fce9ae4e7ac23a12086ff09609fded2ee227a3834ea49c356807 SSDeep: 96:j+1o8Vb7NZug3uocBRitIA4B3w/J1KXwWCgKrq37uiRQYfug+acmeMAXcTzLTsK:j98lug3u/BghcgWCgKrqLzQMug+asM1X |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.64 KB |
MD5:
b77cc87b161506dc9871fc8dfce543bb
SHA1: 2b43e5abc20cc37d5f9d51ffff4666f4212e90b0 SHA256: 6034d4ccdf6c79a1a459f9e6db73fe333f146097c79d7465f9721928364b76e8 SSDeep: 1536:4smAGXIeLlEBNkIn3tWbebAKrTl16V5FaoAPmPec232TYmmEpvW:+DFkkIn3tbMKrS2o/f2EfmEpvW |
|
|
| C:\588bce7c90097ed212\3076\LocalizedData.xml | 59.67 KB |
MD5:
dbb30603cd4fc0fcf2fb88f01c7882d1
SHA1: 8b33954ba6b41fc9d18224e7d130c3b4db5b2fd4 SHA256: bc439c153dd15a303ace6a5fde5890b97be6a9092bfe7b5f287332396cc930fd SSDeep: 1536:zQHuZ2VNGBqamFtHZqNOOd1ea/cabZcodbpGykrf:zQHukVER9JdOabvdOrf |
|
|
| C:\588bce7c90097ed212\3076\eula.rtf | 6.44 KB |
MD5:
3961c342cb5871e5f658c252c14d49cd
SHA1: 3aa37287b456bbb754c44434a39c86560bf3c076 SHA256: 56d8b96938c46323f35f5f99332282b54d0a3718ba9ab9560682afab04280617 SSDeep: 192:OMuRc0Rt7IgOno9/HerWASf2GhIhChMTLR:OMec03IgOno9/HerWAmWBR |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.27 KB |
MD5:
76d7ec6f3283568b2bfce9b5c8c41059
SHA1: 9549e22efeede54ee31a024bbd1fa098af342a3e SHA256: f62fcf9a32011ae856e433942eccac026d3b6ef6b8d3b5f60801ddf2e1b288b5 SSDeep: 48:qrQtQhYHGffezWQNjYGQueBdr6fBDdr7lq01ibF6ee+e8uJg2FS6/wLo:qMtQhLWzWJGzgWfXJxOF61rFrv |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.39 KB |
MD5:
f53c0a24c1c4b5b6f669359f6944362a
SHA1: 199c13b7ab35a8880867861bff8f3035140dbc1f SHA256: 81c9b10d20e0cf3568e2e7db424111a3d1e7e9e1d89023bc73b8c6cf27f1c027 SSDeep: 1536:/GEzW4PT4CjCKtI0aTX3fc5LUQSqOOeJMtiQsAz01qW/ZakEkhna5RhBLEMPFP:/GEzRPTlZtf2nfKPe6tiRmsaNkYHLEMh |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico | 1.14 KB |
MD5:
211a7fd87b0b641d922dca3f38a872cc
SHA1: 45222d847cae602d688da110d8dbb16e3702cce1 SHA256: 1f68bcb453d50c7be4b47d7893e2780c810f4108df4922d182875a2769a07bb3 SSDeep: 24:fSM4tF71eNiu68c2BdZut/bIFZMB0dDfqht/m6Js8j2/OR:6Leg57CdZFF92hvJlj2WR |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico | 1.39 KB |
MD5:
5598492fca64ae8f4c0144ca97d6ee47
SHA1: 90345d992a149375f8f4ee95ec82d6fe8d75fce7 SHA256: 60dee60e45ac3f5ac2e8d9c06e632fcd6a40bd3bd9243c51ecd01b2997a4a198 SSDeep: 24:Ihd/5ydwkA0btKBclW9mbMGbQPkKA1iCKRL1ZMIpKskEJG2vE+T0/Zu1+svr2xkx:IRN7b8bksKA1fY4I9kEJxdzdvc2UJw |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 1.39 KB |
MD5:
ed21559e2c690bc4561742ebafc182af
SHA1: 1f9042836645b55d7f57a8f98d8fdddcbbb0f647 SHA256: 750008350cf039c623ad59164125b022ff096dad9bf5b012b9bfa966ad14692f SSDeep: 24:kgpRZUDf9cetkVwwdh6Emy4mXr3o0TFk/dHVpcuvxPhBDn9oH:/RyyjZTXMMk/dHVKuvxPhBb9Y |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 1.14 KB |
MD5:
73926f4d6f84a34c32bf9d6b68b38f10
SHA1: 4077767d73759691d3af990ec7f4785e548a4d8b SHA256: ff0cbe6f7bc4d81303419c63a6848fc7bc2a5bd74edff1c7a47a32c3f5b25053 SSDeep: 24:4kkm4vLia2+m9I8qATJhTa2Lo5MXAjL+m2k1DBoMvwmvhtlV:45mqP2+KI8rzTacEpf+mpRmMLX |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 1.14 KB |
MD5:
12795a9da7fbd756c0d12d4786b03133
SHA1: 4581c349e7c722c7346a9bb2bb8df16f17db821a SHA256: 1ae7cc8abf891de973113e21640cd4d33e9c2bb655fa7d328f9a1df01217a554 SSDeep: 24:K0iDtw9DJ+3DE5NA1elrXZuxKTDP/d61yswROSAyIrRjwnQB:K0WtSCDE5NMyTXX+ysNyLn2 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 1.14 KB |
MD5:
8038068d25f80ecbed2123f91640861e
SHA1: c1e1261c5982bfe7b19bf09c7bf3adafa2898299 SHA256: 5ec9a5bb6431e78773463bebe3ed245abc36e0a19fc5c32f52405b36bc416237 SSDeep: 24:4a1ykWD6KoAdu405Z8l06ARBwebomjr3UKi+cavdsFKGW2S:7uduZ20LC+/P2aH |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 1.14 KB |
MD5:
14ca8dbdab55796f30934e8e04706edf
SHA1: a329a4a878b0cbd01c4cf01db1b2ce99b9d739c9 SHA256: aa283a149d8788016ac931f211a85b517633cf3f4db9bf02de3b90231cc747da SSDeep: 24:QnY5R2x/bqKmr5S3oNitbmaUpVRiAGm5/U6Bx4WQj:1i/bq5s3oatq/UCx4WQj |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 1.14 KB |
MD5:
69d15bfdcaab6b4c3aa855cf31aa2dab
SHA1: 1d89c38e251dd22c41491c051107eed5f2c8bef8 SHA256: 4580e91f3a049a6308591408260926232b35e88603e104c35c06fbe50d970600 SSDeep: 24:xPxEm4jK4daRPiQQmyJNXO2Nl5YQoB4QjqK4w0drfZmwIY1B:3F4TatyLXOgl5tijqBBrfU9Y1B |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 1.14 KB |
MD5:
e65c4481948ca0dbc412c4e8827cdcfe
SHA1: 513bdb897b84027ae8a39ea38d464ed5b778f289 SHA256: fcad16aba1663b0a062aef05a052173bb2e5c4b80566eb85df298db635e8e865 SSDeep: 24:lp+gdcj/UvMpT15Cb3s7rJWOiixat3TcPS6URgWgYje3I1zOKuwlQcG:lpsrUvBb8Tiixat3TcaRaW8iOKucw |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico | 36.13 KB |
MD5:
96db62766cfff386b7391fd5d725fd13
SHA1: 9cc7f54bc728ee5a25310510544280d13e551e52 SHA256: bcd62e777dfad26b34e5bc267323b63ccedfc2169da27e35ea3a108266ce521c SSDeep: 768:vjyDHJjeKyaw4nGDQKZGMviX3tyq38cGohQctuoH3jGhc:vWbjyf4nG+McGoNuoXh |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 197.35 KB |
MD5:
2b1fb1345344467b34d9b6818db8381c
SHA1: 2b46c16131d5466a8ed0c9f65cdbc8a0551fadc9 SHA256: 0d50876cde23a5d5a2c410f92791ffdbfe6c5a616c8549406c96be63bb1b433e SSDeep: 6144:93dfdBkNsbLON5ixcuz0vpblxp2ENZdrZWITiTK:FdFB2aO2aTHf/zWITiTK |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico | 1.39 KB |
MD5:
506148331bc13dffa6ff20df84e3875e
SHA1: 75ca8b5234a8be2b148b7618e7f9041dcc503f42 SHA256: d45cd749345caee69d3a58353fe8bc3aafdb589505d47ff8ae746f2ebad3cca3 SSDeep: 24:bzEl7HiCkISf8So8MKqSCroBgZjg6DisNmuqW/VM76Wg6DlH0U:rCkI6JpCrN1OWVPWgyr |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 1.14 KB |
MD5:
6f0be1f8758e49aace0a220d28270388
SHA1: 8eeb80e2a8bd3f515bb9348bf349a2024feb3976 SHA256: 38f0ab9108506f4406337818ebb2fae84d5a4e866fefb7474cdb94320883eba5 SSDeep: 24:Ga5t1yZs2X9tnKjpzjb1CNVXfWyvXEGGre5n8YX35TRSn:GSiZC0WyfE1O35T0n |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.81 KB |
MD5:
0515a539dd2173563bd59fc434ce4e1d
SHA1: ffce54f7085b974caa5dedb4c86491b0678c98b8 SHA256: 51e83febbbc1693d49323f15e0037af36cbd8b4c4f3d759d8fdf724ffedfa805 SSDeep: 96:3bmZCA8qY5IP5ZOwuafRZPDfuriw5uDp7NPes0XzORL:rpA3Y5u5/jPDEi/d7NOC1 |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico | 10.17 KB |
MD5:
add3e2fff03e1bbb36c59d6b162cd9b9
SHA1: 66a173e10ce37761e4089d0f2c4cc9075e1410c5 SHA256: f461e23bf54f574bfb9111894b19cf9fb7919d0a21c2f668bf85d2a6848cc47f SSDeep: 192:Qsk1zuODGwsjZbcYa2ppCX5etF+kqyzlsjAJ9eGHDycLYWELxHTukEzp38uKe:CJuODU4V2ppW++mxujsspn638uKe |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.78 KB |
MD5:
07940d49e123eee02d89eee17f7e2e0d
SHA1: 61c80859a41c6c3b0578519ec01ef4c5a89f85b5 SHA256: 5488aaabaef2e023942efd5d0025e9705339d6d5fe0c012a66bf75f17d82699a SSDeep: 3072:B74VXqTi3PAKkqhiSRiKWIbY0SvNuYLFdURTtSaiklP7ZnJ90Y7BX1zcF4V9Y4Bl:R4hqTi3IL8Co7SvNuYLFdO13DjX1o4 |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.74 KB |
MD5:
1bdc97c259b213f343b7b494758700ab
SHA1: 9f4c1847cb3d36c4f19dbb30001e2cbc6981a7e5 SHA256: 8d55ebeded65cf3c16592b27f5e1cbe49225a189461840fd096c4e302d31f04d SSDeep: 1536:Z51b0kIRv50UyUEA1E9fZd+1XxjdXHNxBuIAAtkkH03vwPUzCGbonwylxRk:Z52x1OoW9fX+zxXzBuCa+mwPUzqnwy7a |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 16.02 KB |
MD5:
bb888a62705125c733e2a004b0eb79be
SHA1: 9cd100f961a704121ec51ae4ef952e97d7d8bbcd SHA256: 94e3327350a010741b6995b25f610fbba77a3da03682b286faa18630bd849fa7 SSDeep: 192:DOfd9UXB+Z4JMiAf68HGgdJtd4onT31NowRxBimZNk8WqNjs3iBXbPqY/6YGMXBO:md9WL8jVfr3BicHsSyYkOBxlM5QYh |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 38.27 KB |
MD5:
ed10c5ff824c40d3e87d93696c39e682
SHA1: 48a1b805efbda72a3de043e60e79632dc8f28940 SHA256: 032b376a09c9cb4500cde4beea363f5bdeffcf89fe5a5d77509ad3b82e152232 SSDeep: 768:No8dh41xJV/FgZ/Q/EUrJge22ciUxUJxSe0jY+ET72otA:NoiSxvt0/ivrGe225SrYT3ZtA |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 38.41 KB |
MD5:
6be6d3d4cea9e09a81a868266d93f566
SHA1: ed5c5ed3f9c29ac52a8a7cc8432270e08a2ef12a SHA256: d66b7e4cd4dc65f93a5393289982bed7dfe2803e9e513e48d2dd31d53bf8193b SSDeep: 768:ccWVJmZ5UXzmSzq/0W5wZDIk2NOJA9AWlCFLPoSfBtsb:c5Dyh0lp0OJA9AqCFMSfQb |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 91.41 KB |
MD5:
450e8e6cfd82c1b6dd0f56cf65472a6e
SHA1: 4770b85629b99074d8ef51ed8e013bc9534e500c SHA256: 807691f9710cc7cff8d7dc62df5e6ad421533fb83499f3970f19a1c1db422eac SSDeep: 1536:Wz5NhzZlK7ASTaRm9LbXt0p7u3euiL0P1KgE+cN56vlFOh8bLza2B:Wj9qt2Rm9b9M7dLO1KRnClFOh8za2B |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.94 KB |
MD5:
ad5d67a7a4e024e9b5937371a3fe57af
SHA1: 4c35d54a454309c8e404d9056a32ef6f5fff8b2f SHA256: 4cdcb45c4ecf7f55e753b0bae7f4e8c55ca7db5b1dc72e90b28a51fed130ab09 SSDeep: 6144:hX4pPqEeqDWGhv//BVZiUJrpHku0hFhAliU4khkXig:hX4pPZH//r0UJrBkuuhGhkXig |
|
|
| C:\588bce7c90097ed212\Strings.xml | 14.03 KB |
MD5:
a5b69e8e88a483e15880774149fcb0e3
SHA1: b784512128e2c6401c5c5fb7212c92aa2d73ce39 SHA256: 6c5c75d5b1e3ddd816be90a0ccc47f7345c0d48e8ca2c31a91ec86acf2891860 SSDeep: 384:eXYpQd7nFIgLMSCAOLOzzo+GuV1cj4wZQ4ng1910nG:7pQHMSYn+Guk4wC4g1j0G |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.39 KB |
MD5:
b798322f5d0feae9bdefc4624d8800d1
SHA1: f2b9fc67f3731c0da42fa38603b2d669d9a7528b SHA256: 352ef99ec3cfbbbeaf5700bbe664248ee6532e8bd5ba53adf3a431ca5de49625 SSDeep: 768:VRt45SjpIlDMPHaD8UFHSQooZwa/UnDRQpJKQD/kQBgU821R/:VRWsIiDUlUXnD4pD85UNR/ |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.78 KB |
MD5:
e5980174560d24945e3656247bcdfc5f
SHA1: ff4fded5f63683b8b53ce8609d62ef8445b077f3 SHA256: 550fd7bf0c1ca11466765439d233fc90413898d7102a383bea8cc375f10eb261 SSDeep: 1536:mAGnPSP09ExrVgExgeqINg6my4BQ57EHFT/Kb7t1azI8uvbATC2Bns2WgjEDF:QnqPCExg7IhH/5IH5/Kb7tYU9vS6Tgk |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico | 10.17 KB |
MD5:
5cf39d9041e835430fc213c4410fe52e
SHA1: f49377db0be422556a8e809a9208ae891d13f1f2 SHA256: 250dce63bf95dcc46902c9bf2b36235468c2f952b373c462f9fd8d634df1e4a6 SSDeep: 192:P3WN8BlDW72IWa52TR56xHPqeBInwLQ15Fnjm7fUANDfjxERCJzY9MESS:u+ByTWtRSqKLQ15Fnsf/f5JzY9MESS |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.69 KB |
MD5:
8af1388927f9fc7ab9bf27a9c5621aa5
SHA1: d7f0cd96e93a5ea5fb3497f1f2251d5628007163 SHA256: f1f11109f6a42122cbc89de31a4a48d43c5801aaed0affcec06da1410ff3a198 SSDeep: 384:pWFugS6zUJkcpnHnJLLQiRDOxWusAanfwM/z7/x2iCi9iJ6sv7EMVJ4H820PHjdT:soV6ypHnCIK4zYMn/6i92nvYac8HHTzt |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 38.41 KB |
MD5:
4ab53c44f1843b3291a433f8d11a1200
SHA1: 604c8be8cad24c619fb76bae425f263a589abb79 SHA256: b16f891f9720da8a35a3ec053a39be8706f3aafabb1b96b4d93a471ad84f2ed9 SSDeep: 768:1D+fEYpmx7hNnrSx3dlMQu1lmewKkKMiXBQPwLI/txiAjU0E:1CfEqmxNIx3dlNuo3eBtLcU0E |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.28 KB |
MD5:
ece4b2de7a366c97984c33e0e00272d9
SHA1: 905525b1a463753b90cc7c54dc2509090294e38a SHA256: aa4bbeaca260d07367244838147eb23bb4bd57339673c03efb35199f5061dbff SSDeep: 12288:iaPXQpICQSAd54B6razfDBFTcOQtkVu2HKccJ:jPMcdRrm3wnmcJ |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.91 KB |
MD5:
7a79d87b6d564220e5853893a62cd6a7
SHA1: 1c45553f5fb4351b69b21f17658c987f335f36fd SHA256: e8715428f83981a7958974783bffc979fc07b30f25267227a14cb3a533ab2a6c SSDeep: 3072:auU0Cn3iv4Tn5XhpWvHz5QVBm8eGeAKz04zu35IFmo:vU0MSATcEJgAKz04zQ5Zo |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | 1.39 KB |
MD5:
e7efb211d774517515b88ac385a8defe
SHA1: 8d6184d930a7723b1366aa5c7dd7fbb2c27901f4 SHA256: 446fccc09eba6182e4f0c06798f6fb34814729f6f3748eadc390a156b5648a93 SSDeep: 24:D0QSew8pv/gAs/BlBIwab8ldkQ23pAo4DhOENDCISy+UO0A7th3vwCuy3H:gTopv4AeawTXkJd4DhO42+2h3Im3H |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.28 KB |
MD5:
75096f78c80c0ab366a1a08b44be1b13
SHA1: 35de2e157e8a49b2e8143aefb49dcee443ef9b45 SHA256: 273551fd3eccb8f403b6e9206cf58e1be4e8821bbea407faaece83bddffedf78 SSDeep: 24576:pLN+eWfO1eyyqzRlGCPxajPQe2WW6oyeBoBz0d:pL5WfO1h7RAC5aZoTd |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
4f2415f85c3838e4242a9517b27f8953
SHA1: 8b45924a0e6f4d23f8f358eb7c3e1178c5bc737c SHA256: 25d95ce4694237912ccf16419a5d97356a76f1e7b06af0c729b1860168bc85cd SSDeep: 24576:f6cmppJmdHQZr2Fl3zp6ruhrpNhCGIbMIYRQB2GIn0hnJx:aF2FlDp669pNQGVV/09b |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
5708170ca5ce0048c39af15446ecfce5
SHA1: 4e6860a939795c14594a9d6f1ad92d159d1c6a23 SHA256: 22da009551fe61edff866e0c6a8404125e2a1057c17f1824f1172060ee522104 SSDeep: 1536:223VHznX7ifDmoLCKhu1rAbpNdSba66HOU/orRGLXJ1j:nX7cBHh2stNQ6sGrj |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
07e83f54ae4ee7f164cdf90249c23fcb
SHA1: 2919deb52cfd16e6401d0b3bf4ec01f414dd07ed SHA256: cda454f7543a28a3702dde5aede0ae06dcfb545b5a5271516a07f0067b95742a SSDeep: 98304:R1GSmgldhrCOUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlV:qhOdhwZBkOK2Knq45mY4H5OMKkKzlV |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
dbd9eb2234c2dbfc5b1dd47b8e6d59f2
SHA1: 92f845c61d14ef71b5b10f11f13703da17aabd3f SHA256: 786ff43ac2b5e3aec6999445e82e07a7a59639b0bb357239c5844cf59855e324 SSDeep: 98304:0+OPGv4bsumB7c8pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCj:Qa44IBBHTK8KXZ4UuY1kB1iKFKmo |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
13929a59ca541182af1bbf06ac4ef742
SHA1: 9eaf10d5134dc590984c4a9852118d45dc0c5f8a SHA256: 64e6b3b5d018a6dac3d2714278596185f8dd02440adc2a767b9bc4746a4e470b SSDeep: 192:uy87SpVEwuHlk3VykyRaRBEoctY5rDsj8s3Mi+R1FjxSzqzKUXTZaFjYqOWytn:uxSpVCHlklmUutOPsjpyBxSzq+UXMsq4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | 0.44 KB |
MD5:
588cf4223833e9f31f712c09ab278ce7
SHA1: b897db6423322ab3e28009da1028cd7fa820ee65 SHA256: 4b644e199de81093041fa0db17974e468860a4712cd1a3b3b8e6a657b30aa227 SSDeep: 6:2yg2wkHzIj0hooA7zxnD7Z7u3Vo1Ow+2li4qTqmAFvHhNSEw06Y0ZTKMjWU/buds:vTe0hk7zxnDM3VikD9pu57UDuFXw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | 0.55 KB |
MD5:
9fa911fa26eb8325be8b6403bae7e5af
SHA1: 1b7a4eeb72879271201626b41a28cc7d28b00656 SHA256: c9b253edd6723e6ae66d6cf1d20484add670f6c16cc6af1e61bda70a8a22820f SSDeep: 12:c0qt5JHQ/ThkjyftXvPy6LVaNm/dV9LJPn:Nqt5MThk4KcX99n |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | 0.64 KB |
MD5:
b2ebe09f969abe8479ca9f0fbebe9dde
SHA1: f0231eee7461834d2ffac82b399263c8c022c81e SHA256: 2bceefebcd166def242500b4e2703ef0c7b867e5083c3568a6d29d5610d9d7d4 SSDeep: 12:ptfjlPEP1UZbDnSfVylItK3/ny+AHjJE/x4mhtlVHiO/40th3:ptrlPxbDnStylmKPnCHjJE/+mhjVCs4O |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK | 2.36 KB |
MD5:
0c8ba948d45b069e79e46f671234a6e0
SHA1: 73b9e9306acdc5d3560b1c3b0adc66f48faefdb2 SHA256: b85dd032363411237823494a8df08a06e016b5448a65760c67a106dc17752cad SSDeep: 48:f8986uFbe9TpG18+WZOMJ36SkUWOhgCTY80X2ZNwVbQ2L:0986uFC9NG1mAMJQTOhgSL0X2ZNwbQ2L |
|
|
| C:\588bce7c90097ed212\netfx_Extended.mzz | 41.13 MB |
MD5:
505791b7fa2dac44479a5a17cf614465
SHA1: 4faebdb9fbdfdce039aea8c08e66963f89c8d57e SHA256: b0cd9a2fb66d5949ea1bc985e55e6632247edff88c330358874fc82aeb03d648 SSDeep: 196608:ymjCWWbi+uvx5roS4stXIcZXdxts2bdgx43PAMfQ:3jX+uHroBsietPxYcQ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK | 14.89 KB |
MD5:
f9dbec24791cba6b1cb0920b5813d887
SHA1: 9c70db2a52faa6bcadd773cd479087218539959a SHA256: e982b76d46ba8f22a20d6c86579e18332c17b8d01922b0261736b31e58d3045a SSDeep: 384:J/H1NKm5VHHI2k29e3+tw9ul3cyka7ZK+d2WSa:J9NKm7n9k29amPEa7ZhY4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK | 14.89 KB |
MD5:
6e7d56ec596698fe3edbd9faad348e09
SHA1: eb37a588cbd12d5b999c9dbd605b7dd8ca0b1448 SHA256: cf46d1edd1f5a9183b0b2775ee61e9b8dfbff0a911d6af8711c53ffc8b557a59 SSDeep: 384:iSt82sDT6sI+q2wZGnE30PDFd5e38oVo2h:5CvTz9bwZMqiFrfEo2h |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK | 0.44 KB |
MD5:
4d9c94ed548bccd6f5e925a605c60552
SHA1: 51f8b04ab870cb68630a19680d1619e2cb94ae8b SHA256: f7d7bcc0d0a79e60ea664285a04726b183f128c03f1d8d2776470a633359a08d SSDeep: 6:KKA2o4+1NMAtoqpqRra8CmaIA5hPEgQebdX1updssykHhL9bve+olhFqFEhu34Z/:Vuz1NacKS5ERm+pLK3YEhu3w8C |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK | 1.05 KB |
MD5:
0d20ca3fa8c03a1ede6b1a2db6fb583e
SHA1: 49491096a2fc10885bf313cb3a67ec25c4c31014 SHA256: d65bfbd499eed132746cf29fb97c104d973d16ae490fadb47a012f9999a86b37 SSDeep: 24:26G8yzRKLZp0fLtsTi470fu1UDUdzo96iaVTz4UH:2qoRKF+Ltsa2cO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.002.etl.RYK | 12.28 KB |
MD5:
43e216895fbf847ef8c365a21efbbc60
SHA1: 74fa21fdc672dedceab20e7ff491ff89352fecd0 SHA256: 448ee4efd6ae05213fdfbc22c04fd9b7bcca5037947eb5b2dd609a406b083ee1 SSDeep: 384:wk35xLCbXCTZLqT6KsIQgcTp3yb+4Srjisn:wmL+CoIpsSSc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK | 0.64 KB |
MD5:
2146fe12ddcaa53194de37ec67c13673
SHA1: af22cb996402ddc8c8f445fe353d0b236daec20e SHA256: 833b368087a046b010c5ae1dd2a6fb32467a6445e57f943b5a04472658f97a4b SSDeep: 12:wRVhX63fq5HZUrSTXC5EYTtQXEUzzu2b4WQI8j532xIrQbvG7h/VyU3jANB:wR/XcilZhTWTtWQIqZ+BU/yU30 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK | 8.28 KB |
MD5:
9b36bfb3333ca3aaacb5ed18fe3f4e12
SHA1: 4321bb333d4e7f2e5321051d89976e04a94c2379 SHA256: f1386438fa1d36ef13418aac5d7ce6aac35e2a40ac8a80591f152d30ea39c171 SSDeep: 192:skIKMgkiWhMj3lBRk3ug3YsPhFiUIk1M4aVMwI14tic:skHMgkFhAwu+hgUpM611Rc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK | 2.21 KB |
MD5:
8b807aed2bafdc3db1c51cbb4f143ef3
SHA1: e58a72e41f1d6e4d4b88928ba622b103cc11eb34 SHA256: f07f0dd5effd4f91134913d05543a0be7bd622349c7a3aef592027a90281a089 SSDeep: 48:kL2rj+h9JuyS4g9k0fc8rARAdL7D2jVzY7tEAadr11ewkgC4v2Ef6:h+DzS4gVz0RAHDUSqL+wkgnT6 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK | 1.63 KB |
MD5:
34852d724c1471a67e567c8eaa0fd931
SHA1: 4ef4feeaa20820bc7158c6c1e8f10a8661701612 SHA256: 5a78266aded7090e543ef474451efd148b6b1388bc09d754cc6f0f976709a995 SSDeep: 48:c+Nb6vU3gmeU4C2cuu/YiNzfAxdNaAfSg:cqCQgq4CUAYiNzMdNrp |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK | 2.21 KB |
MD5:
1e979dbc2be29ce4ddb946277c636c50
SHA1: b27a7dc07889190702247da2d48f8e4542e83d44 SHA256: fe7d9e0190759600edb2b0ec0cc947919c3d04deefba65286c4ef6b65c0ad36b SSDeep: 48:QKgXKEN774FZQ+FRfe7irnYQPQTarNiP8ukVd6VPv:QKgR70Q+Pe7iLbOaIErVYv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.RYK | 8.28 KB |
MD5:
01fa518b9d7f3912668118dffb62b1a8
SHA1: 31d5de2d685d97614c3a7b6875a1dd9d23affc37 SHA256: a2dd671bd2dfa7887b2fc79e0cd09d39199fb3f661d327ed58d5c8630b1f9cc4 SSDeep: 192:6GOPQFdSQ5xgB7sPwIrRpl51YnJ3mm76WOnN/n85jIHIoinDufeO8GK:sYX9xgC4EplAnp7ON05jQibO8R |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs.RYK | 1.25 MB |
MD5:
128f31b6a13aa4a9bb722804c4f140fa
SHA1: bcf7c7442abdc5ac9275683771c9dfc824defdc3 SHA256: 0c2bff09707dce36e88fe2232a8eccb26c6b2adbfafe5d39e026ef534be5d9a2 SSDeep: 24576:VT3RA8mJ2Q2TyPRmUL+m8Xr4Mal/UVQduKr8cPGT/NcVAddbwLo4I0e:VT3686qyPMULn8XEMa9U8fNOdhwLo4Ne |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs.RYK | 1.25 MB |
MD5:
9dd1989a10da7155e4406a972e5d9798
SHA1: d5f6c8faddef192bc37481213c440246884e5eb9 SHA256: 2177bd0512a5e21ba02b762fb9ee57c5bbbececd6689cf53036b96801d23f64c SSDeep: 24576:sfwwmGJnCjzcBzNspeySlgf+NAMZO7oSKd+122Q1Sac0hSZW:sfrmFcwejafoARd512L/h7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbtmp.log.RYK | 1.25 MB |
MD5:
edec118a409c93de84d08df06c3bfc9e
SHA1: 93dee75f050e23ecbe13823558ebdd0b2b8d88fc SHA256: 44aed22ed78e1bd3444ace56cd61b0bb833de987abd80b3c4c13e51e1d713da4 SSDeep: 24576:4frLHHLGnby7hAinjcX7ZcB1ZhSC9Hmpu5ZMCLVPZxzAyks42pshCBF:YvWkABg4WH8uPTFb1tuCBF |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\StorageEventsArchive.dat.RYK | 5.64 KB |
MD5:
3e259d7ae7d7c78137367622298a2b75
SHA1: 7dd649b9b04d3d347f14609249d1fbb251f5a0e1 SHA256: 2fcf25901e8380106a6a8d72a76bb6184364c89af50ca475a942f8134f646e9b SSDeep: 96:d1c4HC2Qn3Xz4MAPq16hxU1p26MxoeSPY8kdZOOWHvhf+h6++gvuOT:d1i2Qn3h91yxU1pCxWNAOOWHpWh6++LU |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK | 0.67 KB |
MD5:
d178204934f8a42d4c23c736cad37dc0
SHA1: 27e8fe4821675700b3340ffe34ebcff936559d1e SHA256: 81b73de4ccbc3eac83e6141a712ba7fa744f73cfef1ea22cb3b305d8a6779581 SSDeep: 12:YLllpMVaoEr2GnLHgUNH5elchCHhX6JwwJoIV+KOGB8S11E4aUBs6iFaOfZvpgzj:WrpMVYdH/IlchCHhYhJ15p11ErUqhkSq |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK | 5.55 KB |
MD5:
8f648e7bc6be8a867294f5cd30c45dd2
SHA1: 56c541d16f719d6bd09ee09daa44843cc12cb0f4 SHA256: f21e5834295945d70233c481d9f890455813fba9992b49d641ad334d0b13d0d5 SSDeep: 96:T8FZYKJb1D3Q6oweofyXDC5gAto3hVnLOAAp85VVLJrwZjIV74UIC7bXLt1JaK1Z:TgaaNQ6owaXOgJUibJHt4cXLXJDZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK | 0.77 KB |
MD5:
79e528e0f3a107e07d8df761fdadc8e9
SHA1: 510d9a69704fbf68cd7725df0fa9191cc963aa78 SHA256: e214b46ed91daebb47dbbec6eec4e64cafd549dbd5223c03d7fe584714e72070 SSDeep: 24:7kkF3n0gaP4fs7MAuJx4RVdcnv+Jt0bCYacKPmtd95J:4kF3n0n4fs7V8x4Pdcnrb1Amt35J |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK | 2.63 KB |
MD5:
4b3486e808b42e2f2bf9adcf721704f5
SHA1: d0dc439dc7fcf7a69b7f667bb141ac94733d47d6 SHA256: c3766add9b47f389634393ceebedf5cfd832a69dd9818523bcc97c4352450910 SSDeep: 48:YFGF2QjN5GlRZ84tXvtffET2yOnZ2eEP+IwyqOZvTrl0Mel0b9mOg:Bb2lo4xF3Z2eEf1Vjel0AX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK | 588.33 KB |
MD5:
ec0899685c53759f82c0ac041a9be521
SHA1: 392b59bb87ece83365dd1fe2bab7d559f72e2de4 SHA256: 2ee0e24ffea35a7d1314b461e182e3d310ebd8a819c725ccc4de36d73b7f89db SSDeep: 12288:eTDNWxmxSYzhvPqjaeRtjJGO6+7ERhxbmOwaOLaE+sTOb5Pz:kbUjlvtGO6+7ENxwazbBz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK | 4.83 KB |
MD5:
41d09cb7e1d6098609ee0bbc77a19976
SHA1: 99d21db1638e66412c979a1c671d50ad7f088289 SHA256: 5c56f04b59d131d05c6c22e7b860e4b2662d2a950235eae6e25ca2e6714d46f6 SSDeep: 96:WRMj/inzfc2D5uwseJ9hL252wwesIn0vZbmq2ud0tFQ3x4Zd/NSIaq:Mm45bseJrC52QsDddh4LxZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK | 2.64 KB |
MD5:
5f8521df735635a1f7da85005646198a
SHA1: 43442613cf2a2fd29ecbcbaab34d1ad210bc6771 SHA256: b06369cdd77d32fcb1f34d077710dd8d290361c35030759a403138892e85dd83 SSDeep: 48:4M1fiJwpUidbxy4u7NP3PKLa2zL4K8HRcFINWQ9ipWycNkAB8gcOWto:51fGo9JulPKm5K8x4AnA4Nwgcho |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK | 0.64 KB |
MD5:
9f7ca12d6a066f49f2b97b9a792a7de9
SHA1: 515a587655fb221abfab62f6a500cb229eafdffa SHA256: b6bca87dd2393105664b6364fea8ff90e4dbe4380faa7d52ec9a6d5b4fbdb150 SSDeep: 12:vXfzylZ4UYs6e1gam7VuX8VLL2NLfLgXaFdHHjVE2LEFCokgxpBwAAoL9Tfc+tdy:vLyjbm5K8VL+Lf0XyHHja5F4CveOfc+m |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK | 1.72 KB |
MD5:
a285aea44529378985a85b597d775634
SHA1: f1b9c078c0d93c2439dece8738c1b3c18b484ab1 SHA256: 6e84d34bf611943c165683ec3220a0c2a6777aad21af61e75b212566015d5169 SSDeep: 48:auoxPMEQX4AkOJNClxFauBwf9exh8XqroTu+Ljj:aNtMEM2OJNCbB/h/H+Lv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK | 1.38 KB |
MD5:
1e4c80c3de4ea6a914f1f8f55e650717
SHA1: ebb8f61256b8cd1d531ecd2ffb3f44e01503335b SHA256: 46fcef2cc041d4082eeb73605f4c349e2c93e64c9c7ce08492fd241a9d133a3b SSDeep: 24:iokKLUtPcco5kDnvCrvlvyE9a7YCj66er5dt/0YW/yViywt4VtflshpSqn:WKLP5Sve5eYCjLe5/jWputCV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Quick Assist.lnk.RYK | 1.41 KB |
MD5:
97abbd4fa5b410b096d4424d3d239838
SHA1: 889d942effbbc9d7bae2fe62a48c8209e957101f SHA256: 80e90067995303839441f8bc3294db448fd8257340f37e557c673ef9ce446096 SSDeep: 24:S0YOJXVkxJAdTIQY9wompXGeojJ3YFO7SpA/JfCI8NzfZc8LB0/sYeY508EiWVDC:S0KxJARIQYfmP9gMA/FCI81CEYe6EiW0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK | 1.41 KB |
MD5:
42d1d4e515c9899939478f46c6e44729
SHA1: 8e3cfe228a5610db5967104264a1dd30029caa2e SHA256: d54518119bd8ddee2ca68bd2a54661182b6abcddb4293cb1a8e4c0a16c1f8627 SSDeep: 24:7CH3vUR4g0KYc9sVxZIk9p42HsjCLKBypnqEaHuN2407SekXAtPvTGe2stW:7stDKzsVxlGbcMtON24Cw63X2sc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK | 1.38 KB |
MD5:
3c951f7605a6a8a443856ff3da342670
SHA1: 10ad671d203df701cdc1ed2a4fd9677c705d89b5 SHA256: bb5e4371f0f68b549ba9fa34a79b49e5affc400ec7c971b93aef9641cbd2c578 SSDeep: 24:S/a3Cu6OlMYYXdbVygm8W/os7SrrgbETVPzuosMn9ItcQJxZqX5w:maCOo5Vzmros7KuSfb/QJh |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK | 2.67 KB |
MD5:
d5a7436386f8d9099c959c6c981bc789
SHA1: 3969163bee0a6592f4d76985468eb7cc6940087e SHA256: 73b17840a996a1e532d5330ca74e12ab8ec4b2000774a7ae21eec07555f01acf SSDeep: 48:7B7u+ATal1cU50N8dhlon92EKTvah1TveXqondSbz7BAwbVU6o2otjA:7BmTU50N2Sn9xKTihVveqond6HBAmU6J |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK | 2.56 KB |
MD5:
d148ade7981519f340dde1bfbbe6dc25
SHA1: bf893a4fe8f7dace2687bd0368023ee417ea412b SHA256: d3d39034e7352699bc7bb74475714390b509f48470b05c8cd685070ded74377f SSDeep: 48:o06Ig0xUsTRpPfwDV54KifG3V+l9mdTvOkNI5xyWGUpGX/ma45R1b9d/vHMWk:ZUsTnwR54Kif9mdbrNI5MH2GX+bLz5bk |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK | 0.46 KB |
MD5:
05730c1b046fbcdadff5280c07b03726
SHA1: 8ed79a88a273709067219a71b181ceb79a719d54 SHA256: 5e3fd39be902dfb643c2a60b4c2bf90ff14ea0de2959054feb48477c85d28ebc SSDeep: 12:WnW6axF28/M1Aze8Crk65/8dRPO9Wo9RmPIYDBQCq6g:WnSg8RzTCD87PO9Wo9RMBDI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK | 2.44 KB |
MD5:
ce902179851572cfbcaf6de7779e204b
SHA1: 18ef2eb17f615746fca74504cea1f48313585eee SHA256: 59dacf5a68dee1f7536134305c806f1ed83bfed9eb3dd82927f9607f5f1955af SSDeep: 48:jCD5T6SJIUN+SJrCgjUe+28n07JrwDRQo22Mtch4s6h7:uD5uS9tjzvEDRQoOx7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK | 2.61 KB |
MD5:
570bc3c0beca4b872a8fbe44013f3b4e
SHA1: 12006e6e20e7bb008f5781c90798915e4a6e2218 SHA256: c769d1c7e2c2ed5a099941063971df89ea24462aeef55910a16d179a97ab1bdb SSDeep: 48:XBWKZ9vyI4mYDxC/sN6sZtIb0z3tlexNTIAesLD5PfoOAdjb:XBBZ9vTs7b3rDAesLiO+3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK | 2.39 KB |
MD5:
425312dead06522078f166f0958805fb
SHA1: 1482a7b24d1fa96beea003bef32c7da2caeed491 SHA256: ce621bf2b5934df2c43005f8479fe4be5a468655c8ef0407fa1a52eaceb162f4 SSDeep: 48:SVvDExEh2eTDHNaQ/ghwcL1F63NLziUNaUtk6ODi7Wca6PvSdJPDlqiCby:SRYsBaUgCcOdCUNzt/2i7WcvS7AiKy |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK | 0.44 KB |
MD5:
327c6e95c761e66d96f7b75acf855cb4
SHA1: 7fe24d5028131966c397a6c55c43e7349fc8fdbf SHA256: 804a2ed9774f870a9e78804de94eec092f9d0bcf419aec4cca27657f88cdbc1d SSDeep: 6:uX6mc2tivxstN0NGLQAVol0Bl7kLxg0wfSWswOk90yCXZHMo5e5Frhp7IBWHy7u3:Rm7tN0NGLQ6AGuwOvHhe3rTjQu9fgi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK | 2.35 KB |
MD5:
91887cd20f2678b9e5837681774b5b90
SHA1: 5b5a71732484c026d1ba8afed060a26da580d642 SHA256: 61fca6fae7cc9e0bcd80fdf9395a56ced578f11fce86b149589aec7d26564a8a SSDeep: 48:g5L5sO9Kggw0Fk4DZPXuFc98HBYN4Nmur0Un/8Izpy007WeDn2f:gl5n9VSk+ZPXuFo8Os0Unpyn7Wew |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK | 2.30 KB |
MD5:
7dc2e38a668b27238216e46a46ad881d
SHA1: 2d5b72409d0f04843536c2da7c5344f9b8c90ce2 SHA256: 7e008c3d4bfb77f95510484323b03035421d7aa26b1d0392b3c24d8c6974817c SSDeep: 48:n99Nzw0jqKHBcjXv1zulEqfg7/5cI3FYkpx9G:nTNOKqpzKj2/51FYoG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK | 2.72 KB |
MD5:
45780ef5fe71ae7830e8c6feb872702d
SHA1: b22bb0a86438c4f3bdddb86f8248d5d37b4c3b15 SHA256: acb697bb06f015fafd042d7b4100734d54abe87b0b7cd436f1156cc759158381 SSDeep: 48:+xJn9EkHvl4auRZ59bnMgo4NEhWtm/et/Ry6zozvkk4dYo6m:+H9EyzSdnVVNwWtmu/RHzqkkY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini.RYK | 0.44 KB |
MD5:
e327aea7eb9679e0d1b185cd15f7ca9d
SHA1: 5acd9f94a2d8c48a217c2880306b7e58437bafa3 SHA256: 2e0f07e034d788f5c74850d98710aa7858c070a5999c44c3cce7780354df242b SSDeep: 6:V8+N6YCtToYKjeuaJJ3UGOjUy0fLi4UQrnBZXrvqajKYdPzMEVpP:6ACtTopjeuaJpUGOgNn7ryHAzMEVpP |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK | 2.67 KB |
MD5:
dae47680a6120be6965ec618ca91755e
SHA1: b935e49cf31f9b8c3d315ed1d9597a96f2984be7 SHA256: f0ba259254fd742cea344ffb2bed372e4e634201fbaa4ac5380659b936f08ff0 SSDeep: 48:0yKbtcxrRBSrftXRt7pQ1E5h9K2H6Mq+DqFsosRIZw0j5evr4gHzYvwjYEYqf:0yKbYBKt7p9Acm8qFsrRIh0r4KYvwjpf |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK | 0.61 KB |
MD5:
f00f75b8b12c1150ca9236b21d557ec5
SHA1: fab7f1dd10a1f005cc4f07868b2222d0a48f9850 SHA256: 670f30dc17d42d17f4b7cb129fc2510848a63c469c9c4bd38e80dd6279306180 SSDeep: 12:zfljdFZm8Le4jpyqiQhY6Es2QpawSzy9fLsd0rllPdnPjl12Dn8tRtbmvsKZZN06:zlpXNe4tyqz2Xc0wDfYdwlP5l8CRtvA7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK | 2.38 KB |
MD5:
5276808241d911437b76ebcb26b3d6b4
SHA1: e1bb63f86c2223188e1492aee9142cdd6359c60d SHA256: 42d4f0b132a1fa9306731357c108c4a6e9524d451210f0ea8e07b61125d0c2dd SSDeep: 48:CqmANm1nBnnQgYOc3pjkHyLOoXZzUA8sn+40M1NjBLpyVC9:zmNn9/opAHyLOoXZ4D41PjByC9 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK | 2.67 KB |
MD5:
3107d9181bce0d23c36117258607fbe3
SHA1: 11737e1e6bdad53c376315e74c9753b5159e86ca SHA256: 3af5e04c6a3e6d015735b056c6f7609e9a1e420ce0b3e2ed0fc7392a27799f68 SSDeep: 48:mWgPkOLWuiKISi2vfb/EAP1t4dn2nJFWi9qrXKdB+hzREklzukGbkercQIc:mkcqXAThb4lPrWB+RdBGofQIc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK | 2.67 KB |
MD5:
821c55f083e11c7a940f4dc412bfb752
SHA1: 95ad70f5584b4c3019ae204d60d0f4f6abd9d84e SHA256: f17773b738f1266ecd884842988c994558af32112be03486db77e47933c0db43 SSDeep: 48:j6REZ33TakD/mXqqKPSF5fN1ZrkwXGjWxszH1bWW2YJK0:OEFjaym6qmSFf1VkqkWmyGD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.010.etl.RYK | 8.28 KB |
MD5:
6c2de741ca066263ede2a4363202f60d
SHA1: 85e94d22813dc9fc5ce83d0f3d7029245a2bcb29 SHA256: 752741fb494e5bcdd694b3d65589c7d977ab86486873c5c62c00ca452fb3f338 SSDeep: 192:C1tpVy7k/pJIFZR6zBETzIWFcqCaoYy16xG1uyeWvi5p:Sfy7kjiIBE/nFcP8yQExe/H |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows Media Player.lnk.RYK | 1.81 KB |
MD5:
0cdd5955409bb8a08e99b272c9b196d4
SHA1: b5697e31f0987e08ca0858f6177bd05b212727c5 SHA256: 7292b1fa6bc0c78ed2aaf69d68966958fab51478bef059dff37ca563ca55bb6a SSDeep: 48:ztnuRp6g6eP/M4lijS9YVvxhvHw05KerUY10dwSisD:BuR1vEyMP/L02UY1/VsD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK | 1.35 KB |
MD5:
53ee6604bc60b19b4ac26753d776cf29
SHA1: d3b3053465637ce62f313ecd62b7c938347a1786 SHA256: 2b2e2e4bf9378f463a4a74ba3df78fc314fdf44b2c8b8b8aca94848e2a395dac SSDeep: 24:3IXA+8D5AxEz6LWXJG7TLzDps9Ser1Tw65rsI+jKV2XENeli5:4X3uAEyTLzDpuS0b5RRVxL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK | 1.41 KB |
MD5:
00d6032622dabc1634978798361e4ed3
SHA1: 11233e8a736610f7680a3b5fa9746656bc86261a SHA256: bf93f3b5c8dd724be4a381b9ec92f077b9403d22bf59b44cbd5ca648082d8b77 SSDeep: 24:F0td8CAq0rUpTNoKV+/w+R8Ggl9ucyoqbPHSYh+xUaqsMSEvWdINlugB5+WmVDg:F0dNfpHy8GgucDq7yY3ptViIUNV0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK | 2.81 KB |
MD5:
f7937f52b0a443a47d62db960226972f
SHA1: 5d8006efb5e7692da45a22a1ca243893391ef186 SHA256: 54c79688078e9bfe879a08a35a3ed1c69115deaae27a092f468a238a7f57b257 SSDeep: 48:G0h7Qxxtx3UOii4VSSOLm5riJYJrSuGXzqGXuYn+fFuavYh3Hl5AfyAeYL+h:G0sxtKa4VSSYm5iYtFuzHXuU+9HvYh3J |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK | 1.41 KB |
MD5:
b89bcd8696368919c5df661c0c6a8591
SHA1: b894890508984e4d9037cd14260fec448c7120d9 SHA256: 242825bf72fa227adeae0f8407a5510d7999cedfacd3f3f1f492df134cd50a93 SSDeep: 24:u5Exls/N1Khw8kNq6Iveg9Dn4Pqc4UwZgrtkG8RUyf91OzbhgR0IhO+Ru8J7mNOT:XHIrKmrNcTpnf/Uwm+Dy098JolRlLZtj |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.91 KB |
MD5:
af112af8655f620f9d0f57ae178b7712
SHA1: 4d93186b3dbab583a10e5b8422df888accdb8fcd SHA256: e35aa9215a63699e978b75526d6021025647e867e864e6259c13508d027959a1 SSDeep: 96:PltUHPetZi6q83TwZpLbVhivq/x9lVChicbwdbkSioO6Nl:PjUPVZOSZzVQbYbfA6Nl |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.72 KB |
MD5:
3aade65afbaaa2cc6e0a84ce7b6d7a3d
SHA1: d75dc62effc3d33fbe4960b3aa2a09c34d486925 SHA256: 44c045c43b9aafdb400cf88627b205310c84420df9f6ac182ccb7b76b4d96aa4 SSDeep: 1536:OS33p3T/v0X/0Qq0+7xTir5TPcKumi8d4B5mW/ErUHi9cK9h7J4asImU9KP:R5DvK/1+7xuZomis6EQErUHi91hJ4zrh |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
5ebd4a974ac11fac7295cee6a1a89249
SHA1: b7a701b93ec0ae2a4cf5e0f94871a85300e3d53f SHA256: 7b5a248ed30fa151634c877f815d6c6b91ed6928eec3ac5b8fd63bded2ca3285 SSDeep: 49152:cQbsQs12G65EDZYV0m507DUVn4l5zicvOUw9j3xRe2PKpA:hbrs12G9k0/D2n4TbvOUqe2iS |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
6e4b90fa1e55b9323b45a863072c0a93
SHA1: ebbede98593d1373ad73b38aaa1e73e2a6557a62 SHA256: 86e780dffc7323758cc46f080ed497c94f473d922a367b221ed6401d5c98033f SSDeep: 49152:K28b+dTRF0ljVQa5N0CKXsfyg+voq45Ts/5O7GmayrnaYL5:fd93a5LKXmygYoZU5fma4aY1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | 0.64 KB |
MD5:
73ea6c6c788354c9836f137bdb7ed9e3
SHA1: a1b5498e4a46a64febc66df06436095abf0a5046 SHA256: 364ff2682cc94fa6d5b7ddc19538f36bfe8c08fb1f7539579f0da427043887b1 SSDeep: 12:IRI3xPNJOgz/LVJ0Id5LMYj99Y95HYdIAnAczxU+6j:5W4JVdxx9Y/aHxzGj |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
88cc29919734d2acd224b62e1a70e33f
SHA1: a9b4c4621beef8f784202f1c480739f57ab64d8e SHA256: d35b1d83a617352096ef3e528a34f186d1cc5d874904cd226d5c581f15bdde95 SSDeep: 196608:Y6YwrI+y961Vg3Evra/MYK3fHPBfE3gBqjY48IQG9up5iGbNOuCNggf:Y6VrIn9Z3Ej4ofvNE3gBaUID9upM+Iue |
|
|
| c:\programdata\microsoft\user account pictures\default user.dat | 588.49 KB |
MD5:
a6603cb557358aad3e5025c2c5cde1de
SHA1: 83822de63b362966481b608d417631fd566fcc1e SHA256: 7d11e66b33c23acf0a4c6e904deff1ce250bdd828f5fa517e781bc614aa69401 SSDeep: 12288:A/md+w/l89peKBlZzSXFy33naaFc4tprKhEat7a1XHJ:h40ApeKHZzSXw336QxzacFJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK | 588.33 KB |
MD5:
7eeeef0fbbf6620fa9eb51a022b536aa
SHA1: 6764fc062baa2924c71ef5786ae7c34abf8a8e87 SHA256: 91d38850c1065e19515d6108a184fa7936e733860c86f95a300fde26f280a62d SSDeep: 12288:og3nNE4RtVyw7d1LubXWQBhNO82XhgvvthcQu2Rm95h:oona4Rqw7vuVwgHthcQuGmd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK | 5.55 KB |
MD5:
881ae20b4e69ccf608aef756c7e281e7
SHA1: 86141bc83af780e897b00846905f89ce36737107 SHA256: 6f9e3e329e7ea878bddd7cdd0d8a36c0f8271628f389114fe144748fa1dbb56e SSDeep: 96:T3ubqP3sMBidgxNlzeDUvPxGI9mhgPrU9s37a4DGAdDEPX6VQ4Wz1Ps+xxdjL:Luk3sMUOx0cPxGSJPIqrlGAxSX6Vc1Uw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK | 2.64 KB |
MD5:
f67d933feb6b1862ddb63fd500dcdd1b
SHA1: b0afa5e185f03154a85b0cca7ce23d103a947b00 SHA256: 5796c9c9ac2a20e7e1b3fe1fa5a4c14a919cebe4f297f479bcfcbbe6988f94d9 SSDeep: 48:0qZDAxCn7oEl7W5UnEcrQf7Yuv/2f3R9J7exwmtvoBAi5/RL9KZxDhokEYiBnch:NZMxA7ocy5UEcrkYumfPJ7eir2i5/Fkz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK | 2.33 KB |
MD5:
85eebd1fe165883c0500a10df95aa487
SHA1: 7c18f159ec82662e02687eed1a38f3adfcedfc6e SHA256: 0ea421e79de045d46c0740e05f0c884e97afbfa93cf493e8b499703f18faacf7 SSDeep: 48:E9yz43JucTixPXznTdfChxzYwslZjxjkwjZYcZocHrvx:Eo4kMGPjTdKhhY5tj/ZLJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK | 0.46 KB |
MD5:
3be2286b94ff41857b1caf4ce4a96d1c
SHA1: 9d2707d2051fbfbdd5dfa3d7d50e15cd6b0d1ae1 SHA256: 2f3a70a87e93b4e35b42722ac96633d410c0fb4d3606c2a803a97e977490ad19 SSDeep: 12:tlSsXGBDKpZJoB4lwiduAd2Q0qDXl5prZrh3QDKzuIVn:tgsaDK7583Q065FJh3IPY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK | 2.63 KB |
MD5:
d89ca72936ddde3964562ed50acefa8b
SHA1: e6bd4a43b24ed9e8dafa3b3e46db4d4959b45a0b SHA256: 29ba71439b47ed811114b508d4401bb8b8554a29eca7a58bdce937f54e9e6fe6 SSDeep: 48:0vvex7glx8Eu9QhC0VbTMpK0f+pHRqQlxrYlc/+8j5CmsHxH1XrNyy/32Sy:Iex7gn8EzhCed02pHDt5tsvXRHPq |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK | 2.42 KB |
MD5:
9993371487a08ff66559529f5f3be4fa
SHA1: b8e1013bee6eeb5b55382d8e359ccbc202d701fc SHA256: cbac5309b202f17dc79846a6a17d34c5abdc60ceac32d1d06dc3c4fd2212104b SSDeep: 48:B7fil85+le7ALbeuaNPMkqHqqr6tl6DeVA6CoVYuSikL:5NMzbe3Ukitr6mq269CuTU |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\UpdateCspStore.xml.RYK | 0.30 KB |
MD5:
5104e712c7dad1d97bc7ffb7c88f05a3
SHA1: 7a194811bc1c0e37701ac3409ea269aa89df905e SHA256: f725904920779e2cc3a7034bedcda04db609b7614882e5583ff68fe2fd7c7876 SSDeep: 6:iOG1IiwItFT3EX1qr9X1zY2Lt/Nc1p1SClACI7DcU+o:etFO1qhX2qQp1SHH/+o |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.003.etl.RYK | 8.28 KB |
MD5:
eae688cafa7b97d6fb9c53eac351c069
SHA1: 91391ef1e1727b16e07ebe79198a10d6c78abb9c SHA256: 09da1d88539c7808331fff5f610c9a7cf43ac77077bc50caee01eb27b28e396b SSDeep: 192:k6SG0uDxFWDVESxrHIGtI5FHfWtnp3/yYSGBA8QhZlM030WbZ+v:nGVE0HIGjpv1jSWAsv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK | 1.42 KB |
MD5:
9b788c3d008bb3995b17279102a9e92c
SHA1: a39249b1f06ea1b47369a5673fbe0c8c529cdb1e SHA256: 5dffb28acce446acdb63aad0c789baf359794cb61d247c2a4f3ceadaf8e90206 SSDeep: 24:g5X7iwf6ft+SH9/YLBHbqxCbDjM81Fx6EPkAk0/8hTIGs1E9sN2+2Rx2GM+f:g5XGwfe3YLBHugbDAiHJCAIvFTM+f |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows 10 Update Assistant.lnk.RYK | 1.00 KB |
MD5:
45820a03b7780f4095abfdc262e04fa4
SHA1: 407171020bb40a5008af13c592d2e4066972d68b SHA256: 0727f2f5cd6a391d4a405929feef38f50e21c3c8ba2ba70ee19b5dcd34ed258e SSDeep: 24:NSxgWhvi3nVr/zXGTPLJC0lIeb6fHNjg/RNkzrVDr1n8du:NygooVr/zWDlC0ao0Auxn8du |
|
|
| C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | 41.96 KB |
MD5:
3d4a38f6fd14266233feb72e3418733e
SHA1: 78977ad3ddb8a27c565d296fef7c518aebb0418b SHA256: da3e2899737d04b262727983c4feed0471eab3fc64643482a640fe29c1318f6d SSDeep: 768:CYUomZMvShvHRwrRp63hkJVuH/zwATzUl4QbCendzDCMR55xFNdQzJOqCgV2HEV:BmWAPRGp63mLuLl/Uhmen5CMR55/NdWZ |
|
|
| C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | 0.31 KB |
MD5:
2116e99313f9496ceeef8dd58081bd75
SHA1: a22e0639b92da1f87d98aac6cae41d41733832ba SHA256: 9d59c55dd49e2302861884b943d1783a325c3ac41a64514069b317d7a3e2ec41 SSDeep: 6:GR5dPJy4U2tLW7BEorVG0alddBQ0mzL1xBke3HC4CX61i42aMokeiA6I7v23b5:svy3+CEaalzB5mFiZ7wX7+r5 |
|
|
| C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | 6.14 KB |
MD5:
d0f41af349daf199ed94877b145ad357
SHA1: d1d42ac0240e43ab95948e59708a8a691dbb3c38 SHA256: 7a7fce53d62b788e55869763b0c57baafca9f96b24201dec4e2f445949a2eaf6 SSDeep: 96:sLmpPXf6i9IOEXiSsiseTQ+UaKL93rAJVSjjiQ3N2QN4+J9EhQ7KucASEXzy/:wmpPSAIOESSsjr2wr4M4+YQm8SQzy/ |
|
|
| C:\$GetCurrent\SafeOS\SetupComplete.cmd | 0.58 KB |
MD5:
74c03d0c436fb9dcb23158ed0878eb71
SHA1: 6f00e68fa0669c0d592bcd53e8c14cdee1835f05 SHA256: 53af36ab43728a5306ad8076bed7826e4e837d8362d950fbf939d70b391008e8 SSDeep: 12:gcm/1yCR0k/zosQVBlGU/ENW9acocQampaxoN5:X+DALT/39al8md |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.66 KB |
MD5:
85c1ce5c4522f8b90f72684e71b4073e
SHA1: 4f06f5029b91f3b790617a1de0cb1f29ea669152 SHA256: b6eb532a0dd23bbadc16ee927ade9535074d9ceb8e00ba0e1c35b3a2d7334a1c SSDeep: 96:olldhoazzDLxeG4kZj3uxPCAvAkauMIuKzipl1742bBYk2s0YcV7Sk9NZUngsDs6:W9xeGnZj3U9awsv58ZpNigsD0dzq2m |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.75 KB |
MD5:
2940910b9aa777d992d619f84c8c21b8
SHA1: 8dad4ab142f6148064531c89887a0382cb55e85f SHA256: 12a083199e866a57796b9768ea534f1232f832bf05ac03d155e240b4bd8c34e2 SSDeep: 1536:H/izbFwYNEcDH6/8Q0G3fncEhriIq2g0qrwS3wKuElyUHW1:H/OFhTDH6kQv3PfeX20rwYeElyx1 |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.44 KB |
MD5:
34837bf84407104f37ad315d14c9bec5
SHA1: 73b5504332f19fe6320b6e039ba5e6e39828a190 SHA256: 7d2d8a0f274de28b53905a85b1a77278449d8f9e8b4541f6f5766ee744b1fcbb SSDeep: 96:mNiogmBNuXbbTYKN5Un+h63sWY7dTZRiaGEgAN3xOPNdsmQiPdW5I7GKGaVB4nKd:msjhN5WzkNgPz6iFWSVGxnKlq3ij |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.35 KB |
MD5:
8047eb42653ed6763afdeb0b85f6b817
SHA1: 1ac71b0ef04820d2552b57c8f1e13a61de6925ac SHA256: 734e198e1fed3e8a7e99105f362241525f5651ab86c90fb99617a1969b2dc3a2 SSDeep: 1536:iw0kz7nKwMw+xUKBpeJ0PaddmRS/ZTi699D1gZTBbWeL+46t/fYp1+OjaX9I:sYKzWUpM0Padm0H951HeiBt/fY6gB |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.53 KB |
MD5:
d99a1072fb03db61db61c04e40dd1796
SHA1: c6491075891e90e7aab064d5766971ca05ee829a SHA256: a2eddf758dd0cb09119e735312f901b94155bb4feb0da1d0c42e3c701f3af3b1 SSDeep: 1536:bde4Jo+3ybU+TvE0Ahez5CXhf9TAyoUimx2wmt9UNvQZ0InJ31wAzXsQ:Je4a+3yrTLye4p9ga2zANvQDnJ3eAzd |
|
|
| C:\$GetCurrent\SafeOS\preoobe.cmd | 0.35 KB |
MD5:
3294dba62ee6ea69b1d3422ee9fc9f58
SHA1: aaddda69e3f269135495dbeb4d083488afac95b2 SHA256: d3c9d96b8757f7b6c015b74735d3f65589e88e76d010aac07f5fac6b058ab0df SSDeep: 6:F2COVVUY6YAOSQwf7E4H30MAmMAbvY/rDyK/Diq3SQlgGKHF/OBLNZCWETz:Pw0DQwf7fXdP8/nZmq3SQncO9Ny |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.61 KB |
MD5:
d03919a2fb6aafa79968c5030700d682
SHA1: ec70ed268ec802c2211c922350508bf4d542cfc6 SHA256: 9f3032602a2c9388c3a4dc2fc43e6cfccf5a1683c67e6554789539b8a5cf3775 SSDeep: 96:6EcMdXEYUI/H9VBpaRPdUlqFdWxii6WRspMvFNhE/L2nFNR:6E1ERGTzSPdeqFYl6WPvFNhsynp |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.94 KB |
MD5:
40e3549528f2d8a87af5fb813cdffb83
SHA1: ed7e33bc3543fd6b60d7e85645f0840607109559 SHA256: a2efb0d1571aa7aae4e55cc09d210e995cf208b0e2d1acc13484fe8f152a9c68 SSDeep: 192:TnUru6WhAFRH22fpgYdZqvuE0U49LxWgihvrhBcllFL:4ru6WhARfpd9U4VxWgihNBclv |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.67 KB |
MD5:
2d5f7a655cd0273730ea909b71f23702
SHA1: 3b339af77d341d194ff71185afa31d3bd9a660ba SHA256: fdd3ec50f98295c765926315f98d861b693e7931e177b46e92e9420a0c837be8 SSDeep: 1536:2gF4iAH8ZRVLWoDe7zxyCgrmFjP244Rs1/UUYs3DPE:xFG8ZTZDeICiejPwRKcX4DPE |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 76.21 KB |
MD5:
c521c5d94cffd12996f8beb02a5a33fd
SHA1: a0796fea4b39dc7243a0ae4c763938781a8d5f88 SHA256: 0b0cb9f3963f30bc8664cda6aadc5e2b7e7024a30a3e8e3b6c0768b9ed984779 SSDeep: 1536:GFWeQkPbX4CHlDW3Z8AY2Al/K5xwhWCS0xQJQFFfgrxiPvMGFFRFuK:OWebr40Cp8vK5+WCSQHgrGFz |
|
|
| C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | 0.85 KB |
MD5:
decd162944b88c5d91db15ea57722f77
SHA1: c500e734f6c26cf66c8b677392d62e7c126937e6 SHA256: 4ee9db1a051361ff8bf130d909d629cea7f76fafd0438d771c0b1efb9ecfac68 SSDeep: 24:0IBqkm6vMlg4XdXZaCBmZbVpMQfVzSo9U:0Ig5l3LaXZxpMQf9SB |
|
|
| C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | 0.42 KB |
MD5:
4eb5c8c042672ec44a52411900ba70f6
SHA1: 2b1651f4d8c22b11af7c496a3a1f255581999b7b SHA256: 367837d139364b25f414cb984f4214fc0112af01479d44f20eef66d0ea2bc26c SSDeep: 12:4z54ZshmN3hoe9XF9vBZvpgAGip3AAH4XriUNfgnMsZzR:w4Ba0XF7FpDwO4bi8fvsZzR |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.72 KB |
MD5:
edc3cff42afac2a495b8651e18b2d53e
SHA1: ca2637e1815fea9240ee777032e7637cb3662ce3 SHA256: c9d2024deaa72cd54e4c849352079b002618bf07f5cd0a4e025227d9a7f27dbf SSDeep: 96:qxm7JIuE22gl4F5MVq2+kfYt4qMQNvsuaKK4jK+HWTO3L+4a:aXQlPq2+/MQNKqFWi3L+4a |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.39 KB |
MD5:
6a4fdf77bd87fa2347afc7b52651d697
SHA1: f2d4dc07647c06d10f9101a5a33dfe1e4f8a44a7 SHA256: 55335277b8a0c40df43824ee2d868a9ee71d1623c6608ea109d968f991097056 SSDeep: 96:Ncvb27oUvRbs/MdtqOJnLIwMe4pMIfPnUQluW:Ncvi7oapXtlLIwK2In+W |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.69 KB |
MD5:
8413bbb00b2099725b8d7d3f60757534
SHA1: c9416cc04f5719571827b11b41d4a86456c6d249 SHA256: 723ef27b0ba9051a9df98da6f101b689ced424494a29bb534feb286ed6bf0613 SSDeep: 1536:lsAUBO+RNYcsJFg30cWtk80z3av1p0Dmy7dIYGwu2NOc2UMHsVLKyDwb:lbN8NYcsgxW4zEX0Dt5IYGBS32UMHauR |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.52 KB |
MD5:
e4a26223214bb90db837923a0299c3f5
SHA1: ae6cf3a8f56f3e7ba0ab092254a34428df831742 SHA256: f866b5cce6fbbb24ab9aa8c70f3a28e240f579c8bb702bc1d1272c5c3f09e575 SSDeep: 96:KxRGWe938ph91BtnvubUQKso3p5HGyrA8u:MRPl1f0Kso3p5ls8u |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 10.16 KB |
MD5:
4ecb5cde9d4fce620e3e87105fc8fa17
SHA1: 905d4447b6d6c8102b6d24657b36f7250946acce SHA256: 5377325923ffff535282d2fabbead4897fa683ada11fc61a7663bbc62418b166 SSDeep: 192:1gRjurO/0F4lXVZcgew4sMQFaNqmZangR1zyRqCSGrRCWagvcQTVvw:mX/0aT61qmanadE8xg0Kvw |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.88 KB |
MD5:
b38cc6bd5197a8fe62872e10c5e934d5
SHA1: 056839c5706cfcdc1d14252db55443873533dd8c SHA256: da036775a38909e3ca0730710777b032570fe6c16920c28293d7941bf537e275 SSDeep: 96:OWzShGTvHJ6Kv95XErrM65Uh0yboaxTOMLnsvTjl:OpmxvzgrPUhx/Lcnl |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.66 KB |
MD5:
cc4c8545130a44d1f58103508132647b
SHA1: d92e9ebedb68cf3715ae4f8567c41bed069ba9e0 SHA256: 8def1fb2d715b472d1a750be754e5c2766bb8964ce241062399ed23222a90319 SSDeep: 384:oDFmrjjICUfMORqNZfebR7ZtHRGYPEzOehz:FNUfMORqNZfebR7Zp0eEzOeJ |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.46 KB |
MD5:
8f00ffbbcf6daf0b75208dae50905026
SHA1: 6cc642c4b3da4c8be04db1c20767b8feff2c974b SHA256: d4ae7693bef4f1e757fad3a9a8d3d5a0ab8eb1920bd03ff300731100cd5f95c4 SSDeep: 1536:YgQT/KnhFooQ1krBoqs5yuR7Rtt60sfmPzgLkjhcncE/jQ25HX:Yaoogkrx9I7RtttsfmPzMkjhEckP53 |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.99 KB |
MD5:
f54fd83ecaf8201ec9a4f7236fd1b973
SHA1: 0a9167b20b6616b0d76891dfb52e3c8033a69de4 SHA256: 645c2cfbd848f4324d1cc166aa5655ef41328634a64d1ed4da11935daacaf2c4 SSDeep: 1536:Qw04z5GM2ZB4sVn3PX5EXmMFxjHU21kgapbHoctV+KyuhTbqvh:Qw3+vt3PXy2kjHgHdZAPwmZ |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.71 KB |
MD5:
e691f10b17acf6e98c7fb6495ae976d7
SHA1: 9231cf57839dd8902c507279e0dd19c393b5936d SHA256: 39f1b7185cf0241341027b8a4005d2430746b616f2dc6a9b4856d7e5e655bc42 SSDeep: 1536:tI8QUASmjS2BIirvDUkct/lim4fwVTzCd/C4m36yLG:t1ATjSYIYbqt/limgwV37bqyy |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 4.22 KB |
MD5:
8537474be535f8dd227d8ce040586a22
SHA1: c01a6761dc77fd62ef2fa2983c9602b5e7ca264c SHA256: 575ee81ae705a37f3036d2c1bdea2452a64c27bf41f0777f264cddd4e8ed9781 SSDeep: 96:zgyvgdk0wQ4yX4+XhoEdVEaLb4k5cxDrarpMbvq6:zrgdxo+KMEauNmrWbvP |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.97 KB |
MD5:
b00ba2b18caaf4aca4412b8b722de273
SHA1: e110907a534c1076a40572d14755e9dec839d3fe SHA256: 2aa36be14c7b473895c5dae3e6e3526c543dffa1c2159726422493c0d20f1c36 SSDeep: 192:K5IjnF/5m+GwmSpu7vVU0e3LzNoYkt1ly5:Ksq+GwmSE7e0edoYkt1lI |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.69 KB |
MD5:
2246dcb1441ae7b2440ea45311453edc
SHA1: faa4bd4e2c2293b42a562245cb666b98e5b14b6a SHA256: 46b54264428fba7cfe933bb619a2eb166f828e2b6de2d7cc92910c967d539046 SSDeep: 1536:5wXOeqaMJXdTt23PBIQ2WoLutYl6g62CsFv4c6lJObF9a0a+2lrs+GfzSQjkiQLN:5aMJXdTY3PBIbZLuil1N4cwJObWr+Mrj |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.42 KB |
MD5:
82cf96c92cf27a4b8abb8a090cb9391f
SHA1: fd1a8d668cfd407c7b082898c02ad5aae60c60b7 SHA256: 492b0a1151728e1943682cb8b7a85997d02d9a19249bcab62d0061e256288588 SSDeep: 96:P7pbDCU3OEkpc14g0Ijl9cDIzxoOZizqfnAdsmzlX/X3q85KJcRXfz:jpbDzv50WMEpZWYnMv5v522fz |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 78.05 KB |
MD5:
afab57efe7c455175a162ce1be352396
SHA1: f702a9f71951df1bced3fbda0d5f3040d991f381 SHA256: fcd3757843c8c302a7d17636e6708abfefae294f1759cb1d7a0690921d561963 SSDeep: 1536:iPzEzMjj8PvSwCP9FcW6Rxa2jy/rmIGHXVqK319ANnnNUq1sZrYHk+kpjZUdgNW/:i1jj8Pv9CP3cLz8JGHL656qOZrYMpNo/ |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.66 KB |
MD5:
da95ea1b4590df467277e3f4fe3bfb01
SHA1: 3cda9637d6d3507c1f93d8604ffa6839ea18b3e0 SHA256: 943980a31384cb0c579bdaeef45bb582c669a24f2cec7b8cd8a0977bd9bba278 SSDeep: 1536:BqUaCn+ZYnB3sjlGQcs0NeDMfrslZnVVBN6jk9dwu/wF77CjjKnlSXy:UUYqFs5HcsskMfrs/V3N4kzv/wB7CIl/ |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 79.13 KB |
MD5:
74018edda6a03ef5148fce4c0d519296
SHA1: c104b90da432b82a197c59d218b170150c01c75f SHA256: 0b32f8ef28d8587a966bfe3d5bd3b36342907ee001a6b2b6bca101952a79207a SSDeep: 1536:ZA9HMtLQLvN798r7NBoJd1TIhIyggoBy+6CRsykbYejoBZS3IsFhwNN:ZQKwvNB8tCJnkhIyPMkbYe0wfFm |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.72 KB |
MD5:
6aa17a3661ca97611bbaf0ccf487105f
SHA1: a986f02eb33ea686daf1ae6e746f5fc87d2c703c SHA256: 20c54e0e88ae08a7d55b5a770f350151fd18917f9acc6523c9e7487189fccc1f SSDeep: 1536:wGATRwRvn7OHXVAUhkik6AlOmZx0JdhmLneFmz3aZcX2t1sQ9yI1rIK2:ytg6AULk6n3JdhmSFmz3wcX2rsq/Y |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.91 KB |
MD5:
ddf84941736c6cbf68f9fd270f9afc2b
SHA1: d9ff67790b16e4b8f187917f5d52e52b1624e7f8 SHA256: dfedd82daead99ab1f3501433e2132858a9dc93ba58360d8b7018362edcfcbd4 SSDeep: 1536:XNLGstwIbVZV1EYtspcGKr9N51R2m/4O/Dhf/lUFp8ldDvRlSNDj3c:FG2rbVZViYr9b1R7/DhXlUFWdlluXc |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.49 KB |
MD5:
cd53f6da6f4890d50ec8269a95286747
SHA1: 055ee682bcf9f689f5917102f1b49dec9bcbc8f1 SHA256: b37378e929b85b2e8de3e35d0f29d70b461a79e92df9a769ee503e816ee0e649 SSDeep: 1536:IZzDm2zyGitFCdxOmYuv8bu+KgBupWRQrMkr5zSKV:ihuGiEB8bu+sQkl1V |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.30 KB |
MD5:
498b72c35c67e91317e4cff18a05b89d
SHA1: c6bc5a05b98c34a5a3a750f486bbc8b91df6786f SHA256: 07462f5c428b027bdb387dd159e87a7c838c5b963bf41e571b26b7a1dab5d76d SSDeep: 1536:0bQwldD9UyGL7RXxhtJMlQyuW9b0sRTZSXSYV5mxqMJiW6KeFshpP+:0bQwldZYFXxhtJAQuZZbSBK9J42Z+ |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.46 KB |
MD5:
a4bf538ca23c6394533555871c33f5ea
SHA1: b03742e3c26d440519e4ecc4efbb07c0b4076e6c SHA256: 1ff80407a8718291bee18ec3766c357492313dcc2d86a423c0cc2f500750409d SSDeep: 1536:hN/9hQmwPD2wu2QvPpK9YwE2lrIwjsWt+cZq0:HTQP/Ivo9YwEQx4WLq0 |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.85 KB |
MD5:
d413fa4d4cd09422d056bb685ec13f64
SHA1: 0e422a75c08f8d365e19928246158c68a0c7eb9f SHA256: f9d60591affee91b150fc0d70fa2c7f59c58949af8dfcd11f935d1d7e88c6f48 SSDeep: 1536:96VgNxvZZnv3wDpc887uN2OL/2moe9+KRtFPL+00sz18ozGdNBDu:96Yp3wma2OL+mhsGtJL/0slUNA |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 3.25 KB |
MD5:
69f3ec5fa656977a6afc118b53ff8968
SHA1: 27504e4e3648a19b76c80cba41505de15221a846 SHA256: 418a1bad50b53b8498576021abc7615c0e85f7eade81703deae4521525fbc317 SSDeep: 48:2sE4oqLLZSyJWZ9v5SG4Alf+asEU59EHHtDcAYWePr90YeNkAX6HkNPC+kM:LDLLJWZ9wA5s159EHNDsWieNaVM |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.74 KB |
MD5:
649a62d48e201e407a9ed28fade02278
SHA1: 81f5db70fb0339d93adb6fdb56e35ba8ae3dde62 SHA256: 1f500ce5642b32dcba32494e5801cd9ceb63a24c5bdf9927b991d740d757d433 SSDeep: 96:ZqoQAMXZa8qODiEhCUSalUJ8I7pDO5P2c4k6GBN2MXxZvf:ZqoQAMXZaDYCUSGyz7Z0j4k60Xxd |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.83 KB |
MD5:
ca852cdccbbc3bff7f18f2989211bd5e
SHA1: b8a6ea9c42ddfcbaa84f9c9884125f29c96fad85 SHA256: 6ba1868fa55d8f17a84087a8ee1dcb2c5404ee6e470e269a6a4e3373cb36048d SSDeep: 96:XWv1K1H2CRhMlrCWHL1PMONhIf7R2RFmg1fRsm:X8sHRorCWHLCONhucRF7xRsm |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.89 KB |
MD5:
4349f9e12a0f8040548d59ad0050bc9b
SHA1: dace8a4691cd9645376e3640f35f452ed3a956bb SHA256: 67d9391fda533b8da8ae36836446959abd66cd386f427dcdcad56bee73f817e8 SSDeep: 96:U3WN6Nb4aFHD2N8ghUcx+a+OsSvL4BlwL3Ips6l/KMZ8DM:U3WN6NsaFHD2NOc4a+Opz4wLI |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 4.05 KB |
MD5:
7d44722a802dcd81a4407a4e4e6435ae
SHA1: 2833cc12a957a77b75ea30f689e99a97129891e6 SHA256: c3fdd51572d572d5921c31cee21fec93e6d3591b439d677f94553e53fc797c5c SSDeep: 96:VaZERIOcuk84bDVgyQ+5JV4ghEGchRSl48egDBP8T:Ue4uk84bpD4UEGi4l48egDd8T |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 4.19 KB |
MD5:
b1b25f278f9249f1a5296259b1e83458
SHA1: 07d1142ccbd4fe7464da0a2e1fb43f69413a52b8 SHA256: 15ad2370b1e3ce728648688ee60442c4d1c702754606b092d8c59b27c59f4365 SSDeep: 96:+569gZ2eESLj7sjMLGEEVzaE34CUmeaKrIyQ+Z2dQ6:79gztLPs0GLNALrL3yP |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 4.05 KB |
MD5:
8f08b16962b0a0a6538179976fca5924
SHA1: 9dbbecb74e0da534d2cf0785ff54d5b57e2483d4 SHA256: 3e345415302d619ff54bf146d61a0992f091f8bd682b72a367554240cdfea859 SSDeep: 96:29z9+Fl1QgGeCshIIhzZQtlCXNqSix5oN:29Bs1QglIIhet4XYSiH8 |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.30 KB |
MD5:
0dc925fcf3c249b806af73eb488c4c6d
SHA1: 39aad4238cbce99ddf0d0bbfc850953ef29db2d0 SHA256: 11101ffaf189c05faa6571cb0172b60fb6124013a77aedd47fcf55897721a7bb SSDeep: 1536:lguS3otWElqCBlsl7qRrXJ3OJ7ARRp2EmYJY+t2hrQzJgM44rX2OwdS:1ZflbE0hcELfarQz+4COws |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 76.14 KB |
MD5:
3d09c0769742a3c96697cbb9442f16fb
SHA1: 2109f95522feece25c7d16702435a575c37d7f18 SHA256: 0aed23bad0dd7b68115ee2c507d84d14d9aacbc85daae7ffc87b78ad30bbd790 SSDeep: 1536:cRoTQHFjt2GdGE9rrQgn51ngjlg4fm30VguxBUIC9IjHRA6Ttinz/OWdbq:cNv2GYE9rUYbEg4eEeE7RtTUzdq |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.53 KB |
MD5:
6e41be960e161774f17cfb7ba83ecf36
SHA1: b5cde5553e9dc91960390e8cb3d5a42839ffb5cb SHA256: 95bafe9a9232ed61a683c3216e7365212b71def0a928571b89bab231520bb0e3 SSDeep: 1536:ANq3zfNdkZrTBVGgGoz/QpAdJ35RyDnMhlF65LtZLFXcmSb49:ANGzfnkfB4IDb75gQWZMtM9 |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.97 KB |
MD5:
452a28e69eb464c914940c2076187c41
SHA1: ec7bb4126e2f817df2e23551326ae4d039bad80b SHA256: ba4e0d096cd6fce9ae4e7ac23a12086ff09609fded2ee227a3834ea49c356807 SSDeep: 96:j+1o8Vb7NZug3uocBRitIA4B3w/J1KXwWCgKrq37uiRQYfug+acmeMAXcTzLTsK:j98lug3u/BghcgWCgKrqLzQMug+asM1X |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.64 KB |
MD5:
b77cc87b161506dc9871fc8dfce543bb
SHA1: 2b43e5abc20cc37d5f9d51ffff4666f4212e90b0 SHA256: 6034d4ccdf6c79a1a459f9e6db73fe333f146097c79d7465f9721928364b76e8 SSDeep: 1536:4smAGXIeLlEBNkIn3tWbebAKrTl16V5FaoAPmPec232TYmmEpvW:+DFkkIn3tbMKrS2o/f2EfmEpvW |
|
|
| C:\588bce7c90097ed212\3076\LocalizedData.xml | 59.67 KB |
MD5:
dbb30603cd4fc0fcf2fb88f01c7882d1
SHA1: 8b33954ba6b41fc9d18224e7d130c3b4db5b2fd4 SHA256: bc439c153dd15a303ace6a5fde5890b97be6a9092bfe7b5f287332396cc930fd SSDeep: 1536:zQHuZ2VNGBqamFtHZqNOOd1ea/cabZcodbpGykrf:zQHukVER9JdOabvdOrf |
|
|
| C:\588bce7c90097ed212\3076\eula.rtf | 6.44 KB |
MD5:
3961c342cb5871e5f658c252c14d49cd
SHA1: 3aa37287b456bbb754c44434a39c86560bf3c076 SHA256: 56d8b96938c46323f35f5f99332282b54d0a3718ba9ab9560682afab04280617 SSDeep: 192:OMuRc0Rt7IgOno9/HerWASf2GhIhChMTLR:OMec03IgOno9/HerWAmWBR |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.27 KB |
MD5:
76d7ec6f3283568b2bfce9b5c8c41059
SHA1: 9549e22efeede54ee31a024bbd1fa098af342a3e SHA256: f62fcf9a32011ae856e433942eccac026d3b6ef6b8d3b5f60801ddf2e1b288b5 SSDeep: 48:qrQtQhYHGffezWQNjYGQueBdr6fBDdr7lq01ibF6ee+e8uJg2FS6/wLo:qMtQhLWzWJGzgWfXJxOF61rFrv |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.39 KB |
MD5:
f53c0a24c1c4b5b6f669359f6944362a
SHA1: 199c13b7ab35a8880867861bff8f3035140dbc1f SHA256: 81c9b10d20e0cf3568e2e7db424111a3d1e7e9e1d89023bc73b8c6cf27f1c027 SSDeep: 1536:/GEzW4PT4CjCKtI0aTX3fc5LUQSqOOeJMtiQsAz01qW/ZakEkhna5RhBLEMPFP:/GEzRPTlZtf2nfKPe6tiRmsaNkYHLEMh |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico | 1.14 KB |
MD5:
211a7fd87b0b641d922dca3f38a872cc
SHA1: 45222d847cae602d688da110d8dbb16e3702cce1 SHA256: 1f68bcb453d50c7be4b47d7893e2780c810f4108df4922d182875a2769a07bb3 SSDeep: 24:fSM4tF71eNiu68c2BdZut/bIFZMB0dDfqht/m6Js8j2/OR:6Leg57CdZFF92hvJlj2WR |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico | 1.39 KB |
MD5:
5598492fca64ae8f4c0144ca97d6ee47
SHA1: 90345d992a149375f8f4ee95ec82d6fe8d75fce7 SHA256: 60dee60e45ac3f5ac2e8d9c06e632fcd6a40bd3bd9243c51ecd01b2997a4a198 SSDeep: 24:Ihd/5ydwkA0btKBclW9mbMGbQPkKA1iCKRL1ZMIpKskEJG2vE+T0/Zu1+svr2xkx:IRN7b8bksKA1fY4I9kEJxdzdvc2UJw |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 1.39 KB |
MD5:
ed21559e2c690bc4561742ebafc182af
SHA1: 1f9042836645b55d7f57a8f98d8fdddcbbb0f647 SHA256: 750008350cf039c623ad59164125b022ff096dad9bf5b012b9bfa966ad14692f SSDeep: 24:kgpRZUDf9cetkVwwdh6Emy4mXr3o0TFk/dHVpcuvxPhBDn9oH:/RyyjZTXMMk/dHVKuvxPhBb9Y |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 1.14 KB |
MD5:
73926f4d6f84a34c32bf9d6b68b38f10
SHA1: 4077767d73759691d3af990ec7f4785e548a4d8b SHA256: ff0cbe6f7bc4d81303419c63a6848fc7bc2a5bd74edff1c7a47a32c3f5b25053 SSDeep: 24:4kkm4vLia2+m9I8qATJhTa2Lo5MXAjL+m2k1DBoMvwmvhtlV:45mqP2+KI8rzTacEpf+mpRmMLX |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 1.14 KB |
MD5:
12795a9da7fbd756c0d12d4786b03133
SHA1: 4581c349e7c722c7346a9bb2bb8df16f17db821a SHA256: 1ae7cc8abf891de973113e21640cd4d33e9c2bb655fa7d328f9a1df01217a554 SSDeep: 24:K0iDtw9DJ+3DE5NA1elrXZuxKTDP/d61yswROSAyIrRjwnQB:K0WtSCDE5NMyTXX+ysNyLn2 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 1.14 KB |
MD5:
8038068d25f80ecbed2123f91640861e
SHA1: c1e1261c5982bfe7b19bf09c7bf3adafa2898299 SHA256: 5ec9a5bb6431e78773463bebe3ed245abc36e0a19fc5c32f52405b36bc416237 SSDeep: 24:4a1ykWD6KoAdu405Z8l06ARBwebomjr3UKi+cavdsFKGW2S:7uduZ20LC+/P2aH |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 1.14 KB |
MD5:
14ca8dbdab55796f30934e8e04706edf
SHA1: a329a4a878b0cbd01c4cf01db1b2ce99b9d739c9 SHA256: aa283a149d8788016ac931f211a85b517633cf3f4db9bf02de3b90231cc747da SSDeep: 24:QnY5R2x/bqKmr5S3oNitbmaUpVRiAGm5/U6Bx4WQj:1i/bq5s3oatq/UCx4WQj |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 1.14 KB |
MD5:
69d15bfdcaab6b4c3aa855cf31aa2dab
SHA1: 1d89c38e251dd22c41491c051107eed5f2c8bef8 SHA256: 4580e91f3a049a6308591408260926232b35e88603e104c35c06fbe50d970600 SSDeep: 24:xPxEm4jK4daRPiQQmyJNXO2Nl5YQoB4QjqK4w0drfZmwIY1B:3F4TatyLXOgl5tijqBBrfU9Y1B |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 1.14 KB |
MD5:
e65c4481948ca0dbc412c4e8827cdcfe
SHA1: 513bdb897b84027ae8a39ea38d464ed5b778f289 SHA256: fcad16aba1663b0a062aef05a052173bb2e5c4b80566eb85df298db635e8e865 SSDeep: 24:lp+gdcj/UvMpT15Cb3s7rJWOiixat3TcPS6URgWgYje3I1zOKuwlQcG:lpsrUvBb8Tiixat3TcaRaW8iOKucw |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico | 36.13 KB |
MD5:
96db62766cfff386b7391fd5d725fd13
SHA1: 9cc7f54bc728ee5a25310510544280d13e551e52 SHA256: bcd62e777dfad26b34e5bc267323b63ccedfc2169da27e35ea3a108266ce521c SSDeep: 768:vjyDHJjeKyaw4nGDQKZGMviX3tyq38cGohQctuoH3jGhc:vWbjyf4nG+McGoNuoXh |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 197.35 KB |
MD5:
2b1fb1345344467b34d9b6818db8381c
SHA1: 2b46c16131d5466a8ed0c9f65cdbc8a0551fadc9 SHA256: 0d50876cde23a5d5a2c410f92791ffdbfe6c5a616c8549406c96be63bb1b433e SSDeep: 6144:93dfdBkNsbLON5ixcuz0vpblxp2ENZdrZWITiTK:FdFB2aO2aTHf/zWITiTK |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico | 1.39 KB |
MD5:
506148331bc13dffa6ff20df84e3875e
SHA1: 75ca8b5234a8be2b148b7618e7f9041dcc503f42 SHA256: d45cd749345caee69d3a58353fe8bc3aafdb589505d47ff8ae746f2ebad3cca3 SSDeep: 24:bzEl7HiCkISf8So8MKqSCroBgZjg6DisNmuqW/VM76Wg6DlH0U:rCkI6JpCrN1OWVPWgyr |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 1.14 KB |
MD5:
6f0be1f8758e49aace0a220d28270388
SHA1: 8eeb80e2a8bd3f515bb9348bf349a2024feb3976 SHA256: 38f0ab9108506f4406337818ebb2fae84d5a4e866fefb7474cdb94320883eba5 SSDeep: 24:Ga5t1yZs2X9tnKjpzjb1CNVXfWyvXEGGre5n8YX35TRSn:GSiZC0WyfE1O35T0n |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.81 KB |
MD5:
0515a539dd2173563bd59fc434ce4e1d
SHA1: ffce54f7085b974caa5dedb4c86491b0678c98b8 SHA256: 51e83febbbc1693d49323f15e0037af36cbd8b4c4f3d759d8fdf724ffedfa805 SSDeep: 96:3bmZCA8qY5IP5ZOwuafRZPDfuriw5uDp7NPes0XzORL:rpA3Y5u5/jPDEi/d7NOC1 |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico | 10.17 KB |
MD5:
add3e2fff03e1bbb36c59d6b162cd9b9
SHA1: 66a173e10ce37761e4089d0f2c4cc9075e1410c5 SHA256: f461e23bf54f574bfb9111894b19cf9fb7919d0a21c2f668bf85d2a6848cc47f SSDeep: 192:Qsk1zuODGwsjZbcYa2ppCX5etF+kqyzlsjAJ9eGHDycLYWELxHTukEzp38uKe:CJuODU4V2ppW++mxujsspn638uKe |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.78 KB |
MD5:
07940d49e123eee02d89eee17f7e2e0d
SHA1: 61c80859a41c6c3b0578519ec01ef4c5a89f85b5 SHA256: 5488aaabaef2e023942efd5d0025e9705339d6d5fe0c012a66bf75f17d82699a SSDeep: 3072:B74VXqTi3PAKkqhiSRiKWIbY0SvNuYLFdURTtSaiklP7ZnJ90Y7BX1zcF4V9Y4Bl:R4hqTi3IL8Co7SvNuYLFdO13DjX1o4 |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.74 KB |
MD5:
1bdc97c259b213f343b7b494758700ab
SHA1: 9f4c1847cb3d36c4f19dbb30001e2cbc6981a7e5 SHA256: 8d55ebeded65cf3c16592b27f5e1cbe49225a189461840fd096c4e302d31f04d SSDeep: 1536:Z51b0kIRv50UyUEA1E9fZd+1XxjdXHNxBuIAAtkkH03vwPUzCGbonwylxRk:Z52x1OoW9fX+zxXzBuCa+mwPUzqnwy7a |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 16.02 KB |
MD5:
bb888a62705125c733e2a004b0eb79be
SHA1: 9cd100f961a704121ec51ae4ef952e97d7d8bbcd SHA256: 94e3327350a010741b6995b25f610fbba77a3da03682b286faa18630bd849fa7 SSDeep: 192:DOfd9UXB+Z4JMiAf68HGgdJtd4onT31NowRxBimZNk8WqNjs3iBXbPqY/6YGMXBO:md9WL8jVfr3BicHsSyYkOBxlM5QYh |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 38.27 KB |
MD5:
ed10c5ff824c40d3e87d93696c39e682
SHA1: 48a1b805efbda72a3de043e60e79632dc8f28940 SHA256: 032b376a09c9cb4500cde4beea363f5bdeffcf89fe5a5d77509ad3b82e152232 SSDeep: 768:No8dh41xJV/FgZ/Q/EUrJge22ciUxUJxSe0jY+ET72otA:NoiSxvt0/ivrGe225SrYT3ZtA |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 38.41 KB |
MD5:
6be6d3d4cea9e09a81a868266d93f566
SHA1: ed5c5ed3f9c29ac52a8a7cc8432270e08a2ef12a SHA256: d66b7e4cd4dc65f93a5393289982bed7dfe2803e9e513e48d2dd31d53bf8193b SSDeep: 768:ccWVJmZ5UXzmSzq/0W5wZDIk2NOJA9AWlCFLPoSfBtsb:c5Dyh0lp0OJA9AqCFMSfQb |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 91.41 KB |
MD5:
450e8e6cfd82c1b6dd0f56cf65472a6e
SHA1: 4770b85629b99074d8ef51ed8e013bc9534e500c SHA256: 807691f9710cc7cff8d7dc62df5e6ad421533fb83499f3970f19a1c1db422eac SSDeep: 1536:Wz5NhzZlK7ASTaRm9LbXt0p7u3euiL0P1KgE+cN56vlFOh8bLza2B:Wj9qt2Rm9b9M7dLO1KRnClFOh8za2B |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.94 KB |
MD5:
ad5d67a7a4e024e9b5937371a3fe57af
SHA1: 4c35d54a454309c8e404d9056a32ef6f5fff8b2f SHA256: 4cdcb45c4ecf7f55e753b0bae7f4e8c55ca7db5b1dc72e90b28a51fed130ab09 SSDeep: 6144:hX4pPqEeqDWGhv//BVZiUJrpHku0hFhAliU4khkXig:hX4pPZH//r0UJrBkuuhGhkXig |
|
|
| C:\588bce7c90097ed212\Strings.xml | 14.03 KB |
MD5:
a5b69e8e88a483e15880774149fcb0e3
SHA1: b784512128e2c6401c5c5fb7212c92aa2d73ce39 SHA256: 6c5c75d5b1e3ddd816be90a0ccc47f7345c0d48e8ca2c31a91ec86acf2891860 SSDeep: 384:eXYpQd7nFIgLMSCAOLOzzo+GuV1cj4wZQ4ng1910nG:7pQHMSYn+Guk4wC4g1j0G |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.39 KB |
MD5:
b798322f5d0feae9bdefc4624d8800d1
SHA1: f2b9fc67f3731c0da42fa38603b2d669d9a7528b SHA256: 352ef99ec3cfbbbeaf5700bbe664248ee6532e8bd5ba53adf3a431ca5de49625 SSDeep: 768:VRt45SjpIlDMPHaD8UFHSQooZwa/UnDRQpJKQD/kQBgU821R/:VRWsIiDUlUXnD4pD85UNR/ |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.78 KB |
MD5:
e5980174560d24945e3656247bcdfc5f
SHA1: ff4fded5f63683b8b53ce8609d62ef8445b077f3 SHA256: 550fd7bf0c1ca11466765439d233fc90413898d7102a383bea8cc375f10eb261 SSDeep: 1536:mAGnPSP09ExrVgExgeqINg6my4BQ57EHFT/Kb7t1azI8uvbATC2Bns2WgjEDF:QnqPCExg7IhH/5IH5/Kb7tYU9vS6Tgk |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico | 10.17 KB |
MD5:
5cf39d9041e835430fc213c4410fe52e
SHA1: f49377db0be422556a8e809a9208ae891d13f1f2 SHA256: 250dce63bf95dcc46902c9bf2b36235468c2f952b373c462f9fd8d634df1e4a6 SSDeep: 192:P3WN8BlDW72IWa52TR56xHPqeBInwLQ15Fnjm7fUANDfjxERCJzY9MESS:u+ByTWtRSqKLQ15Fnsf/f5JzY9MESS |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.69 KB |
MD5:
8af1388927f9fc7ab9bf27a9c5621aa5
SHA1: d7f0cd96e93a5ea5fb3497f1f2251d5628007163 SHA256: f1f11109f6a42122cbc89de31a4a48d43c5801aaed0affcec06da1410ff3a198 SSDeep: 384:pWFugS6zUJkcpnHnJLLQiRDOxWusAanfwM/z7/x2iCi9iJ6sv7EMVJ4H820PHjdT:soV6ypHnCIK4zYMn/6i92nvYac8HHTzt |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 38.41 KB |
MD5:
4ab53c44f1843b3291a433f8d11a1200
SHA1: 604c8be8cad24c619fb76bae425f263a589abb79 SHA256: b16f891f9720da8a35a3ec053a39be8706f3aafabb1b96b4d93a471ad84f2ed9 SSDeep: 768:1D+fEYpmx7hNnrSx3dlMQu1lmewKkKMiXBQPwLI/txiAjU0E:1CfEqmxNIx3dlNuo3eBtLcU0E |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.28 KB |
MD5:
ece4b2de7a366c97984c33e0e00272d9
SHA1: 905525b1a463753b90cc7c54dc2509090294e38a SHA256: aa4bbeaca260d07367244838147eb23bb4bd57339673c03efb35199f5061dbff SSDeep: 12288:iaPXQpICQSAd54B6razfDBFTcOQtkVu2HKccJ:jPMcdRrm3wnmcJ |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.91 KB |
MD5:
7a79d87b6d564220e5853893a62cd6a7
SHA1: 1c45553f5fb4351b69b21f17658c987f335f36fd SHA256: e8715428f83981a7958974783bffc979fc07b30f25267227a14cb3a533ab2a6c SSDeep: 3072:auU0Cn3iv4Tn5XhpWvHz5QVBm8eGeAKz04zu35IFmo:vU0MSATcEJgAKz04zQ5Zo |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | 1.39 KB |
MD5:
e7efb211d774517515b88ac385a8defe
SHA1: 8d6184d930a7723b1366aa5c7dd7fbb2c27901f4 SHA256: 446fccc09eba6182e4f0c06798f6fb34814729f6f3748eadc390a156b5648a93 SSDeep: 24:D0QSew8pv/gAs/BlBIwab8ldkQ23pAo4DhOENDCISy+UO0A7th3vwCuy3H:gTopv4AeawTXkJd4DhO42+2h3Im3H |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.28 KB |
MD5:
75096f78c80c0ab366a1a08b44be1b13
SHA1: 35de2e157e8a49b2e8143aefb49dcee443ef9b45 SHA256: 273551fd3eccb8f403b6e9206cf58e1be4e8821bbea407faaece83bddffedf78 SSDeep: 24576:pLN+eWfO1eyyqzRlGCPxajPQe2WW6oyeBoBz0d:pL5WfO1h7RAC5aZoTd |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
1c1768f02646d80cc7d6c63e5319f9e4
SHA1: bdcb6c50a636af316c7b8a61a040fa17466ed24b SHA256: d6f0943ab94fcd3df055b97eea21f151f1350aec9f67d182a6c80348baa93eee SSDeep: 49152:DztcDbdYumUZsitydApfwzRxgYePce94lIweaIzHwy1Qd:DztQRYumUZs0ydAyWh9IYjD1Qd |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
4f2415f85c3838e4242a9517b27f8953
SHA1: 8b45924a0e6f4d23f8f358eb7c3e1178c5bc737c SHA256: 25d95ce4694237912ccf16419a5d97356a76f1e7b06af0c729b1860168bc85cd SSDeep: 24576:f6cmppJmdHQZr2Fl3zp6ruhrpNhCGIbMIYRQB2GIn0hnJx:aF2FlDp669pNQGVV/09b |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
5708170ca5ce0048c39af15446ecfce5
SHA1: 4e6860a939795c14594a9d6f1ad92d159d1c6a23 SHA256: 22da009551fe61edff866e0c6a8404125e2a1057c17f1824f1172060ee522104 SSDeep: 1536:223VHznX7ifDmoLCKhu1rAbpNdSba66HOU/orRGLXJ1j:nX7cBHh2stNQ6sGrj |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
07e83f54ae4ee7f164cdf90249c23fcb
SHA1: 2919deb52cfd16e6401d0b3bf4ec01f414dd07ed SHA256: cda454f7543a28a3702dde5aede0ae06dcfb545b5a5271516a07f0067b95742a SSDeep: 98304:R1GSmgldhrCOUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlV:qhOdhwZBkOK2Knq45mY4H5OMKkKzlV |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
dbd9eb2234c2dbfc5b1dd47b8e6d59f2
SHA1: 92f845c61d14ef71b5b10f11f13703da17aabd3f SHA256: 786ff43ac2b5e3aec6999445e82e07a7a59639b0bb357239c5844cf59855e324 SSDeep: 98304:0+OPGv4bsumB7c8pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCj:Qa44IBBHTK8KXZ4UuY1kB1iKFKmo |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
13929a59ca541182af1bbf06ac4ef742
SHA1: 9eaf10d5134dc590984c4a9852118d45dc0c5f8a SHA256: 64e6b3b5d018a6dac3d2714278596185f8dd02440adc2a767b9bc4746a4e470b SSDeep: 192:uy87SpVEwuHlk3VykyRaRBEoctY5rDsj8s3Mi+R1FjxSzqzKUXTZaFjYqOWytn:uxSpVCHlklmUutOPsjpyBxSzq+UXMsq4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | 0.44 KB |
MD5:
588cf4223833e9f31f712c09ab278ce7
SHA1: b897db6423322ab3e28009da1028cd7fa820ee65 SHA256: 4b644e199de81093041fa0db17974e468860a4712cd1a3b3b8e6a657b30aa227 SSDeep: 6:2yg2wkHzIj0hooA7zxnD7Z7u3Vo1Ow+2li4qTqmAFvHhNSEw06Y0ZTKMjWU/buds:vTe0hk7zxnDM3VikD9pu57UDuFXw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | 0.55 KB |
MD5:
9fa911fa26eb8325be8b6403bae7e5af
SHA1: 1b7a4eeb72879271201626b41a28cc7d28b00656 SHA256: c9b253edd6723e6ae66d6cf1d20484add670f6c16cc6af1e61bda70a8a22820f SSDeep: 12:c0qt5JHQ/ThkjyftXvPy6LVaNm/dV9LJPn:Nqt5MThk4KcX99n |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | 0.64 KB |
MD5:
b2ebe09f969abe8479ca9f0fbebe9dde
SHA1: f0231eee7461834d2ffac82b399263c8c022c81e SHA256: 2bceefebcd166def242500b4e2703ef0c7b867e5083c3568a6d29d5610d9d7d4 SSDeep: 12:ptfjlPEP1UZbDnSfVylItK3/ny+AHjJE/x4mhtlVHiO/40th3:ptrlPxbDnStylmKPnCHjJE/+mhjVCs4O |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK | 2.36 KB |
MD5:
0c8ba948d45b069e79e46f671234a6e0
SHA1: 73b9e9306acdc5d3560b1c3b0adc66f48faefdb2 SHA256: b85dd032363411237823494a8df08a06e016b5448a65760c67a106dc17752cad SSDeep: 48:f8986uFbe9TpG18+WZOMJ36SkUWOhgCTY80X2ZNwVbQ2L:0986uFC9NG1mAMJQTOhgSL0X2ZNwbQ2L |
|
|
| C:\588bce7c90097ed212\netfx_Extended.mzz | 41.13 MB |
MD5:
505791b7fa2dac44479a5a17cf614465
SHA1: 4faebdb9fbdfdce039aea8c08e66963f89c8d57e SHA256: b0cd9a2fb66d5949ea1bc985e55e6632247edff88c330358874fc82aeb03d648 SSDeep: 196608:ymjCWWbi+uvx5roS4stXIcZXdxts2bdgx43PAMfQ:3jX+uHroBsietPxYcQ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK | 14.89 KB |
MD5:
f9dbec24791cba6b1cb0920b5813d887
SHA1: 9c70db2a52faa6bcadd773cd479087218539959a SHA256: e982b76d46ba8f22a20d6c86579e18332c17b8d01922b0261736b31e58d3045a SSDeep: 384:J/H1NKm5VHHI2k29e3+tw9ul3cyka7ZK+d2WSa:J9NKm7n9k29amPEa7ZhY4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK | 14.89 KB |
MD5:
6e7d56ec596698fe3edbd9faad348e09
SHA1: eb37a588cbd12d5b999c9dbd605b7dd8ca0b1448 SHA256: cf46d1edd1f5a9183b0b2775ee61e9b8dfbff0a911d6af8711c53ffc8b557a59 SSDeep: 384:iSt82sDT6sI+q2wZGnE30PDFd5e38oVo2h:5CvTz9bwZMqiFrfEo2h |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK | 0.44 KB |
MD5:
4d9c94ed548bccd6f5e925a605c60552
SHA1: 51f8b04ab870cb68630a19680d1619e2cb94ae8b SHA256: f7d7bcc0d0a79e60ea664285a04726b183f128c03f1d8d2776470a633359a08d SSDeep: 6:KKA2o4+1NMAtoqpqRra8CmaIA5hPEgQebdX1updssykHhL9bve+olhFqFEhu34Z/:Vuz1NacKS5ERm+pLK3YEhu3w8C |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK | 1.05 KB |
MD5:
0d20ca3fa8c03a1ede6b1a2db6fb583e
SHA1: 49491096a2fc10885bf313cb3a67ec25c4c31014 SHA256: d65bfbd499eed132746cf29fb97c104d973d16ae490fadb47a012f9999a86b37 SSDeep: 24:26G8yzRKLZp0fLtsTi470fu1UDUdzo96iaVTz4UH:2qoRKF+Ltsa2cO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.002.etl.RYK | 12.28 KB |
MD5:
43e216895fbf847ef8c365a21efbbc60
SHA1: 74fa21fdc672dedceab20e7ff491ff89352fecd0 SHA256: 448ee4efd6ae05213fdfbc22c04fd9b7bcca5037947eb5b2dd609a406b083ee1 SSDeep: 384:wk35xLCbXCTZLqT6KsIQgcTp3yb+4Srjisn:wmL+CoIpsSSc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK | 0.64 KB |
MD5:
2146fe12ddcaa53194de37ec67c13673
SHA1: af22cb996402ddc8c8f445fe353d0b236daec20e SHA256: 833b368087a046b010c5ae1dd2a6fb32467a6445e57f943b5a04472658f97a4b SSDeep: 12:wRVhX63fq5HZUrSTXC5EYTtQXEUzzu2b4WQI8j532xIrQbvG7h/VyU3jANB:wR/XcilZhTWTtWQIqZ+BU/yU30 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK | 8.28 KB |
MD5:
9b36bfb3333ca3aaacb5ed18fe3f4e12
SHA1: 4321bb333d4e7f2e5321051d89976e04a94c2379 SHA256: f1386438fa1d36ef13418aac5d7ce6aac35e2a40ac8a80591f152d30ea39c171 SSDeep: 192:skIKMgkiWhMj3lBRk3ug3YsPhFiUIk1M4aVMwI14tic:skHMgkFhAwu+hgUpM611Rc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK | 2.21 KB |
MD5:
8b807aed2bafdc3db1c51cbb4f143ef3
SHA1: e58a72e41f1d6e4d4b88928ba622b103cc11eb34 SHA256: f07f0dd5effd4f91134913d05543a0be7bd622349c7a3aef592027a90281a089 SSDeep: 48:kL2rj+h9JuyS4g9k0fc8rARAdL7D2jVzY7tEAadr11ewkgC4v2Ef6:h+DzS4gVz0RAHDUSqL+wkgnT6 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK | 1.63 KB |
MD5:
34852d724c1471a67e567c8eaa0fd931
SHA1: 4ef4feeaa20820bc7158c6c1e8f10a8661701612 SHA256: 5a78266aded7090e543ef474451efd148b6b1388bc09d754cc6f0f976709a995 SSDeep: 48:c+Nb6vU3gmeU4C2cuu/YiNzfAxdNaAfSg:cqCQgq4CUAYiNzMdNrp |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK | 2.21 KB |
MD5:
1e979dbc2be29ce4ddb946277c636c50
SHA1: b27a7dc07889190702247da2d48f8e4542e83d44 SHA256: fe7d9e0190759600edb2b0ec0cc947919c3d04deefba65286c4ef6b65c0ad36b SSDeep: 48:QKgXKEN774FZQ+FRfe7irnYQPQTarNiP8ukVd6VPv:QKgR70Q+Pe7iLbOaIErVYv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.RYK | 8.28 KB |
MD5:
01fa518b9d7f3912668118dffb62b1a8
SHA1: 31d5de2d685d97614c3a7b6875a1dd9d23affc37 SHA256: a2dd671bd2dfa7887b2fc79e0cd09d39199fb3f661d327ed58d5c8630b1f9cc4 SSDeep: 192:6GOPQFdSQ5xgB7sPwIrRpl51YnJ3mm76WOnN/n85jIHIoinDufeO8GK:sYX9xgC4EplAnp7ON05jQibO8R |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs.RYK | 1.25 MB |
MD5:
128f31b6a13aa4a9bb722804c4f140fa
SHA1: bcf7c7442abdc5ac9275683771c9dfc824defdc3 SHA256: 0c2bff09707dce36e88fe2232a8eccb26c6b2adbfafe5d39e026ef534be5d9a2 SSDeep: 24576:VT3RA8mJ2Q2TyPRmUL+m8Xr4Mal/UVQduKr8cPGT/NcVAddbwLo4I0e:VT3686qyPMULn8XEMa9U8fNOdhwLo4Ne |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs.RYK | 1.25 MB |
MD5:
9dd1989a10da7155e4406a972e5d9798
SHA1: d5f6c8faddef192bc37481213c440246884e5eb9 SHA256: 2177bd0512a5e21ba02b762fb9ee57c5bbbececd6689cf53036b96801d23f64c SSDeep: 24576:sfwwmGJnCjzcBzNspeySlgf+NAMZO7oSKd+122Q1Sac0hSZW:sfrmFcwejafoARd512L/h7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbtmp.log.RYK | 1.25 MB |
MD5:
edec118a409c93de84d08df06c3bfc9e
SHA1: 93dee75f050e23ecbe13823558ebdd0b2b8d88fc SHA256: 44aed22ed78e1bd3444ace56cd61b0bb833de987abd80b3c4c13e51e1d713da4 SSDeep: 24576:4frLHHLGnby7hAinjcX7ZcB1ZhSC9Hmpu5ZMCLVPZxzAyks42pshCBF:YvWkABg4WH8uPTFb1tuCBF |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\StorageEventsArchive.dat.RYK | 5.64 KB |
MD5:
3e259d7ae7d7c78137367622298a2b75
SHA1: 7dd649b9b04d3d347f14609249d1fbb251f5a0e1 SHA256: 2fcf25901e8380106a6a8d72a76bb6184364c89af50ca475a942f8134f646e9b SSDeep: 96:d1c4HC2Qn3Xz4MAPq16hxU1p26MxoeSPY8kdZOOWHvhf+h6++gvuOT:d1i2Qn3h91yxU1pCxWNAOOWHpWh6++LU |
|
|
| c:\programdata\microsoft\user account pictures\user-40.png | 0.71 KB |
MD5:
302b1cc244328cfe11fc04d244d6f153
SHA1: 52c0edfc367a32d77569948e40bf1900b932e43a SHA256: 9f497b1126315e3ac53b7adaa61542fb5cd1ed24539f1ce2247afa752e425958 SSDeep: 12:HCEgdvD+lZFIBc7qtU58un/jkQmMkLyT5GvdZpnvXCzSk/vCX234YLHlfMnhOmhA:HC9dLOEv08un0VGT5SvnvXCzS66X2oYX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK | 0.67 KB |
MD5:
d178204934f8a42d4c23c736cad37dc0
SHA1: 27e8fe4821675700b3340ffe34ebcff936559d1e SHA256: 81b73de4ccbc3eac83e6141a712ba7fa744f73cfef1ea22cb3b305d8a6779581 SSDeep: 12:YLllpMVaoEr2GnLHgUNH5elchCHhX6JwwJoIV+KOGB8S11E4aUBs6iFaOfZvpgzj:WrpMVYdH/IlchCHhYhJ15p11ErUqhkSq |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK | 5.55 KB |
MD5:
8f648e7bc6be8a867294f5cd30c45dd2
SHA1: 56c541d16f719d6bd09ee09daa44843cc12cb0f4 SHA256: f21e5834295945d70233c481d9f890455813fba9992b49d641ad334d0b13d0d5 SSDeep: 96:T8FZYKJb1D3Q6oweofyXDC5gAto3hVnLOAAp85VVLJrwZjIV74UIC7bXLt1JaK1Z:TgaaNQ6owaXOgJUibJHt4cXLXJDZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK | 0.77 KB |
MD5:
79e528e0f3a107e07d8df761fdadc8e9
SHA1: 510d9a69704fbf68cd7725df0fa9191cc963aa78 SHA256: e214b46ed91daebb47dbbec6eec4e64cafd549dbd5223c03d7fe584714e72070 SSDeep: 24:7kkF3n0gaP4fs7MAuJx4RVdcnv+Jt0bCYacKPmtd95J:4kF3n0n4fs7V8x4Pdcnrb1Amt35J |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK | 2.63 KB |
MD5:
4b3486e808b42e2f2bf9adcf721704f5
SHA1: d0dc439dc7fcf7a69b7f667bb141ac94733d47d6 SHA256: c3766add9b47f389634393ceebedf5cfd832a69dd9818523bcc97c4352450910 SSDeep: 48:YFGF2QjN5GlRZ84tXvtffET2yOnZ2eEP+IwyqOZvTrl0Mel0b9mOg:Bb2lo4xF3Z2eEf1Vjel0AX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK | 588.33 KB |
MD5:
ec0899685c53759f82c0ac041a9be521
SHA1: 392b59bb87ece83365dd1fe2bab7d559f72e2de4 SHA256: 2ee0e24ffea35a7d1314b461e182e3d310ebd8a819c725ccc4de36d73b7f89db SSDeep: 12288:eTDNWxmxSYzhvPqjaeRtjJGO6+7ERhxbmOwaOLaE+sTOb5Pz:kbUjlvtGO6+7ENxwazbBz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK | 4.83 KB |
MD5:
41d09cb7e1d6098609ee0bbc77a19976
SHA1: 99d21db1638e66412c979a1c671d50ad7f088289 SHA256: 5c56f04b59d131d05c6c22e7b860e4b2662d2a950235eae6e25ca2e6714d46f6 SSDeep: 96:WRMj/inzfc2D5uwseJ9hL252wwesIn0vZbmq2ud0tFQ3x4Zd/NSIaq:Mm45bseJrC52QsDddh4LxZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK | 2.64 KB |
MD5:
5f8521df735635a1f7da85005646198a
SHA1: 43442613cf2a2fd29ecbcbaab34d1ad210bc6771 SHA256: b06369cdd77d32fcb1f34d077710dd8d290361c35030759a403138892e85dd83 SSDeep: 48:4M1fiJwpUidbxy4u7NP3PKLa2zL4K8HRcFINWQ9ipWycNkAB8gcOWto:51fGo9JulPKm5K8x4AnA4Nwgcho |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK | 0.64 KB |
MD5:
9f7ca12d6a066f49f2b97b9a792a7de9
SHA1: 515a587655fb221abfab62f6a500cb229eafdffa SHA256: b6bca87dd2393105664b6364fea8ff90e4dbe4380faa7d52ec9a6d5b4fbdb150 SSDeep: 12:vXfzylZ4UYs6e1gam7VuX8VLL2NLfLgXaFdHHjVE2LEFCokgxpBwAAoL9Tfc+tdy:vLyjbm5K8VL+Lf0XyHHja5F4CveOfc+m |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK | 1.72 KB |
MD5:
a285aea44529378985a85b597d775634
SHA1: f1b9c078c0d93c2439dece8738c1b3c18b484ab1 SHA256: 6e84d34bf611943c165683ec3220a0c2a6777aad21af61e75b212566015d5169 SSDeep: 48:auoxPMEQX4AkOJNClxFauBwf9exh8XqroTu+Ljj:aNtMEM2OJNCbB/h/H+Lv |
|
|
| c:\programdata\microsoft\windows\start menu\programs\accessories\paint.lnk | 1.36 KB |
MD5:
5d4905c7ebe15102426d709f66d69f70
SHA1: 65bf8f3bcb574dc88c5faec558454bc57841cd52 SHA256: 03857f524f7737a9773fa0d668e200030c46e215f3d7e1c1aa537eb6ee7351d3 SSDeep: 24:ObKWoMa/V+l2H28mkyhNrPIjlOOPXxg55QADXRD/tIp3FTTAnfRV:Ivot4rfr+OCq55QAbRC3Fmn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK | 1.38 KB |
MD5:
1e4c80c3de4ea6a914f1f8f55e650717
SHA1: ebb8f61256b8cd1d531ecd2ffb3f44e01503335b SHA256: 46fcef2cc041d4082eeb73605f4c349e2c93e64c9c7ce08492fd241a9d133a3b SSDeep: 24:iokKLUtPcco5kDnvCrvlvyE9a7YCj66er5dt/0YW/yViywt4VtflshpSqn:WKLP5Sve5eYCjLe5/jWputCV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Quick Assist.lnk.RYK | 1.41 KB |
MD5:
97abbd4fa5b410b096d4424d3d239838
SHA1: 889d942effbbc9d7bae2fe62a48c8209e957101f SHA256: 80e90067995303839441f8bc3294db448fd8257340f37e557c673ef9ce446096 SSDeep: 24:S0YOJXVkxJAdTIQY9wompXGeojJ3YFO7SpA/JfCI8NzfZc8LB0/sYeY508EiWVDC:S0KxJARIQYfmP9gMA/FCI81CEYe6EiW0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK | 1.41 KB |
MD5:
42d1d4e515c9899939478f46c6e44729
SHA1: 8e3cfe228a5610db5967104264a1dd30029caa2e SHA256: d54518119bd8ddee2ca68bd2a54661182b6abcddb4293cb1a8e4c0a16c1f8627 SSDeep: 24:7CH3vUR4g0KYc9sVxZIk9p42HsjCLKBypnqEaHuN2407SekXAtPvTGe2stW:7stDKzsVxlGbcMtON24Cw63X2sc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK | 1.38 KB |
MD5:
3c951f7605a6a8a443856ff3da342670
SHA1: 10ad671d203df701cdc1ed2a4fd9677c705d89b5 SHA256: bb5e4371f0f68b549ba9fa34a79b49e5affc400ec7c971b93aef9641cbd2c578 SSDeep: 24:S/a3Cu6OlMYYXdbVygm8W/os7SrrgbETVPzuosMn9ItcQJxZqX5w:maCOo5Vzmros7KuSfb/QJh |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK | 2.67 KB |
MD5:
d5a7436386f8d9099c959c6c981bc789
SHA1: 3969163bee0a6592f4d76985468eb7cc6940087e SHA256: 73b17840a996a1e532d5330ca74e12ab8ec4b2000774a7ae21eec07555f01acf SSDeep: 48:7B7u+ATal1cU50N8dhlon92EKTvah1TveXqondSbz7BAwbVU6o2otjA:7BmTU50N2Sn9xKTihVveqond6HBAmU6J |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK | 2.56 KB |
MD5:
d148ade7981519f340dde1bfbbe6dc25
SHA1: bf893a4fe8f7dace2687bd0368023ee417ea412b SHA256: d3d39034e7352699bc7bb74475714390b509f48470b05c8cd685070ded74377f SSDeep: 48:o06Ig0xUsTRpPfwDV54KifG3V+l9mdTvOkNI5xyWGUpGX/ma45R1b9d/vHMWk:ZUsTnwR54Kif9mdbrNI5MH2GX+bLz5bk |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK | 0.46 KB |
MD5:
05730c1b046fbcdadff5280c07b03726
SHA1: 8ed79a88a273709067219a71b181ceb79a719d54 SHA256: 5e3fd39be902dfb643c2a60b4c2bf90ff14ea0de2959054feb48477c85d28ebc SSDeep: 12:WnW6axF28/M1Aze8Crk65/8dRPO9Wo9RmPIYDBQCq6g:WnSg8RzTCD87PO9Wo9RMBDI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK | 2.44 KB |
MD5:
ce902179851572cfbcaf6de7779e204b
SHA1: 18ef2eb17f615746fca74504cea1f48313585eee SHA256: 59dacf5a68dee1f7536134305c806f1ed83bfed9eb3dd82927f9607f5f1955af SSDeep: 48:jCD5T6SJIUN+SJrCgjUe+28n07JrwDRQo22Mtch4s6h7:uD5uS9tjzvEDRQoOx7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK | 2.61 KB |
MD5:
570bc3c0beca4b872a8fbe44013f3b4e
SHA1: 12006e6e20e7bb008f5781c90798915e4a6e2218 SHA256: c769d1c7e2c2ed5a099941063971df89ea24462aeef55910a16d179a97ab1bdb SSDeep: 48:XBWKZ9vyI4mYDxC/sN6sZtIb0z3tlexNTIAesLD5PfoOAdjb:XBBZ9vTs7b3rDAesLiO+3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK | 2.39 KB |
MD5:
425312dead06522078f166f0958805fb
SHA1: 1482a7b24d1fa96beea003bef32c7da2caeed491 SHA256: ce621bf2b5934df2c43005f8479fe4be5a468655c8ef0407fa1a52eaceb162f4 SSDeep: 48:SVvDExEh2eTDHNaQ/ghwcL1F63NLziUNaUtk6ODi7Wca6PvSdJPDlqiCby:SRYsBaUgCcOdCUNzt/2i7WcvS7AiKy |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK | 0.44 KB |
MD5:
327c6e95c761e66d96f7b75acf855cb4
SHA1: 7fe24d5028131966c397a6c55c43e7349fc8fdbf SHA256: 804a2ed9774f870a9e78804de94eec092f9d0bcf419aec4cca27657f88cdbc1d SSDeep: 6:uX6mc2tivxstN0NGLQAVol0Bl7kLxg0wfSWswOk90yCXZHMo5e5Frhp7IBWHy7u3:Rm7tN0NGLQ6AGuwOvHhe3rTjQu9fgi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK | 2.35 KB |
MD5:
91887cd20f2678b9e5837681774b5b90
SHA1: 5b5a71732484c026d1ba8afed060a26da580d642 SHA256: 61fca6fae7cc9e0bcd80fdf9395a56ced578f11fce86b149589aec7d26564a8a SSDeep: 48:g5L5sO9Kggw0Fk4DZPXuFc98HBYN4Nmur0Un/8Izpy007WeDn2f:gl5n9VSk+ZPXuFo8Os0Unpyn7Wew |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK | 2.30 KB |
MD5:
7dc2e38a668b27238216e46a46ad881d
SHA1: 2d5b72409d0f04843536c2da7c5344f9b8c90ce2 SHA256: 7e008c3d4bfb77f95510484323b03035421d7aa26b1d0392b3c24d8c6974817c SSDeep: 48:n99Nzw0jqKHBcjXv1zulEqfg7/5cI3FYkpx9G:nTNOKqpzKj2/51FYoG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK | 2.72 KB |
MD5:
45780ef5fe71ae7830e8c6feb872702d
SHA1: b22bb0a86438c4f3bdddb86f8248d5d37b4c3b15 SHA256: acb697bb06f015fafd042d7b4100734d54abe87b0b7cd436f1156cc759158381 SSDeep: 48:+xJn9EkHvl4auRZ59bnMgo4NEhWtm/et/Ry6zozvkk4dYo6m:+H9EyzSdnVVNwWtmu/RHzqkkY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini.RYK | 0.44 KB |
MD5:
e327aea7eb9679e0d1b185cd15f7ca9d
SHA1: 5acd9f94a2d8c48a217c2880306b7e58437bafa3 SHA256: 2e0f07e034d788f5c74850d98710aa7858c070a5999c44c3cce7780354df242b SSDeep: 6:V8+N6YCtToYKjeuaJJ3UGOjUy0fLi4UQrnBZXrvqajKYdPzMEVpP:6ACtTopjeuaJpUGOgNn7ryHAzMEVpP |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK | 2.67 KB |
MD5:
dae47680a6120be6965ec618ca91755e
SHA1: b935e49cf31f9b8c3d315ed1d9597a96f2984be7 SHA256: f0ba259254fd742cea344ffb2bed372e4e634201fbaa4ac5380659b936f08ff0 SSDeep: 48:0yKbtcxrRBSrftXRt7pQ1E5h9K2H6Mq+DqFsosRIZw0j5evr4gHzYvwjYEYqf:0yKbYBKt7p9Acm8qFsrRIh0r4KYvwjpf |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK | 0.61 KB |
MD5:
f00f75b8b12c1150ca9236b21d557ec5
SHA1: fab7f1dd10a1f005cc4f07868b2222d0a48f9850 SHA256: 670f30dc17d42d17f4b7cb129fc2510848a63c469c9c4bd38e80dd6279306180 SSDeep: 12:zfljdFZm8Le4jpyqiQhY6Es2QpawSzy9fLsd0rllPdnPjl12Dn8tRtbmvsKZZN06:zlpXNe4tyqz2Xc0wDfYdwlP5l8CRtvA7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK | 2.38 KB |
MD5:
5276808241d911437b76ebcb26b3d6b4
SHA1: e1bb63f86c2223188e1492aee9142cdd6359c60d SHA256: 42d4f0b132a1fa9306731357c108c4a6e9524d451210f0ea8e07b61125d0c2dd SSDeep: 48:CqmANm1nBnnQgYOc3pjkHyLOoXZzUA8sn+40M1NjBLpyVC9:zmNn9/opAHyLOoXZ4D41PjByC9 |
|
|
| c:\programdata\microsoft\windows\start menu\programs\publisher 2016.lnk | 2.63 KB |
MD5:
8ff2c7943fb5e24912e79f5882f0336c
SHA1: 2f72c575f999816e9aa162fc858266979f1316c7 SHA256: 46a1131d6754882b0ea5e59089e46f11b9c93f7be8cd21f5f8d28f7bcfa9a8b0 SSDeep: 48:hiaqxfpFLgfnepohOBTqz5pgGwl4nhmyOl98+dj9fC5tFGYopnRC:hia8cf9OozTgGwwmn9qHopnRC |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK | 2.67 KB |
MD5:
3107d9181bce0d23c36117258607fbe3
SHA1: 11737e1e6bdad53c376315e74c9753b5159e86ca SHA256: 3af5e04c6a3e6d015735b056c6f7609e9a1e420ce0b3e2ed0fc7392a27799f68 SSDeep: 48:mWgPkOLWuiKISi2vfb/EAP1t4dn2nJFWi9qrXKdB+hzREklzukGbkercQIc:mkcqXAThb4lPrWB+RdBGofQIc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK | 2.67 KB |
MD5:
821c55f083e11c7a940f4dc412bfb752
SHA1: 95ad70f5584b4c3019ae204d60d0f4f6abd9d84e SHA256: f17773b738f1266ecd884842988c994558af32112be03486db77e47933c0db43 SSDeep: 48:j6REZ33TakD/mXqqKPSF5fN1ZrkwXGjWxszH1bWW2YJK0:OEFjaym6qmSFf1VkqkWmyGD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.010.etl.RYK | 8.28 KB |
MD5:
6c2de741ca066263ede2a4363202f60d
SHA1: 85e94d22813dc9fc5ce83d0f3d7029245a2bcb29 SHA256: 752741fb494e5bcdd694b3d65589c7d977ab86486873c5c62c00ca452fb3f338 SSDeep: 192:C1tpVy7k/pJIFZR6zBETzIWFcqCaoYy16xG1uyeWvi5p:Sfy7kjiIBE/nFcP8yQExe/H |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows Media Player.lnk.RYK | 1.81 KB |
MD5:
0cdd5955409bb8a08e99b272c9b196d4
SHA1: b5697e31f0987e08ca0858f6177bd05b212727c5 SHA256: 7292b1fa6bc0c78ed2aaf69d68966958fab51478bef059dff37ca563ca55bb6a SSDeep: 48:ztnuRp6g6eP/M4lijS9YVvxhvHw05KerUY10dwSisD:BuR1vEyMP/L02UY1/VsD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK | 1.35 KB |
MD5:
53ee6604bc60b19b4ac26753d776cf29
SHA1: d3b3053465637ce62f313ecd62b7c938347a1786 SHA256: 2b2e2e4bf9378f463a4a74ba3df78fc314fdf44b2c8b8b8aca94848e2a395dac SSDeep: 24:3IXA+8D5AxEz6LWXJG7TLzDps9Ser1Tw65rsI+jKV2XENeli5:4X3uAEyTLzDpuS0b5RRVxL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK | 1.41 KB |
MD5:
00d6032622dabc1634978798361e4ed3
SHA1: 11233e8a736610f7680a3b5fa9746656bc86261a SHA256: bf93f3b5c8dd724be4a381b9ec92f077b9403d22bf59b44cbd5ca648082d8b77 SSDeep: 24:F0td8CAq0rUpTNoKV+/w+R8Ggl9ucyoqbPHSYh+xUaqsMSEvWdINlugB5+WmVDg:F0dNfpHy8GgucDq7yY3ptViIUNV0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK | 2.81 KB |
MD5:
f7937f52b0a443a47d62db960226972f
SHA1: 5d8006efb5e7692da45a22a1ca243893391ef186 SHA256: 54c79688078e9bfe879a08a35a3ed1c69115deaae27a092f468a238a7f57b257 SSDeep: 48:G0h7Qxxtx3UOii4VSSOLm5riJYJrSuGXzqGXuYn+fFuavYh3Hl5AfyAeYL+h:G0sxtKa4VSSYm5iYtFuzHXuU+9HvYh3J |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK | 1.41 KB |
MD5:
b89bcd8696368919c5df661c0c6a8591
SHA1: b894890508984e4d9037cd14260fec448c7120d9 SHA256: 242825bf72fa227adeae0f8407a5510d7999cedfacd3f3f1f492df134cd50a93 SSDeep: 24:u5Exls/N1Khw8kNq6Iveg9Dn4Pqc4UwZgrtkG8RUyf91OzbhgR0IhO+Ru8J7mNOT:XHIrKmrNcTpnf/Uwm+Dy098JolRlLZtj |
|
|
Host Behavior
File (7776)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\$GetCurrent\Logs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\$WINRE_BACKUP_PARTITION.MARKER | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1025\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\588bce7c90097ed212\1029\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\preoobe.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\SetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1025\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\588bce7c90097ed212\1035\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1040\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1029\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1025\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1041\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1042\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1044\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1045\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1029\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1035\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1035\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1040\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1040\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1041\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1041\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1042\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1042\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1044\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1044\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1045\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1045\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3076\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\588bce7c90097ed212\3082\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3076\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3076\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3082\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3082\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\588bce7c90097ed212\Extended\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\DHtmlHeader.html | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\DisplayIcon.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Extended\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Extended\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Print.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate1.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate2.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate3.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate4.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate5.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate6.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate7.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate8.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Save.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Setup.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\stop.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\SysReqMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\warn.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\header.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Core.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Core_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Extended.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Core_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Strings.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\SplashScreen.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\SetupUi.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RGB9Rast_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RGB9RAST_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\ParameterInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Extended_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Extended_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\watermark.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\bg-BG\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Boot\cs-CZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\da-DK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\de-DE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Boot\el-GR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-GB\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Boot\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-ES\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-MX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\et-EE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fi-FI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msjhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msjh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msyhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msyh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\segmono_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\segoen_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\segoe_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\meiryo_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\meiryon_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\malgunn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\malgun_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
13 | |
| Create | C:\Boot\fr-CA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-FR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hr-HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hu-HU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\it-IT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ja-JP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ko-KR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\lt-LT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\lv-LV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nb-NO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nl-NL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pl-PL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-BR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
12 | |
| Create | C:\Boot\pt-PT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\qps-ploc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Resources\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Resources\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Resources\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ro-RO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ru-RU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sk-SK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sl-SI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sr-Latn-CS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sr-Latn-RS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sv-SE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\tr-TR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\uk-UA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Boot\updaterevokesipolicy.p7b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-CN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-HK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-TW\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTNXT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
16 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
16 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
35 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DeviceSync\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\Server\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MapData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Spectrum\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WDF\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender Advanced Threat Protection\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Security Health\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath_target_474984\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
19 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\SoftwareDistribution\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WindowsHolographicDevices\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.022.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.023.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.024.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.025.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.026.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.027.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.028.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\OfficeIntegrator.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Integration\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\UserData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\MachineKeys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\Keys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_33d770d0-06bc-47c5-8714-222cdac43a71 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_e8d761b7-8a68-4187-8c95-75a3788ac267 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\PaidWiFi\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DeviceSync\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\AsimovUploader\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\LocalTraceStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Sideload\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Siufloc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_CostDeferred.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_Normal.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_NormalCritical.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_Realtime.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLandingStage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\TenantStorage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\Server\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\VortexSchemaRequests.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\Views\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\Views\ApplicationViewsRootNode\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MapData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
23 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Connections\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Connections\Cm\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Connections\CM_old\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbtmp.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.jfm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
19 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\Accounts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edb00002.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edbtmp.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Spectrum\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\StorageEventsArchive.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\StorageHealthModel.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WDF\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\VdiState.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Default User.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\FD1HVy.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
19 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppRepository\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppRepository\Downlevel\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppRepository\Families\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppRepository\Packages\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\GenuineTicket\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Import\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Import\InApp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Install\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DeviceMetadataCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DeviceMetadataStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\Geofence\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\PackagedEventProviders\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Parental Controls\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Power Efficiency Diagnostics\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\SleepStudy\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Sqm\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Sqm\Manifest\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Sqm\Sessions\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Sqm\Upload\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu Places\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\SystemData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\SystemData\S-1-5-18\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportQueue\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\wfp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
10 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Clean Store\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Features\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Quarantine\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\CleanFileTelemetry\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\CleanStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.5B | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.67 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.7E | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.80 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.87 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.CC | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.79 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.7E | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.79 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.7C | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.83 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.A0 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.CB | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.5B | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.67 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.7C | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\RtSigs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender Advanced Threat Protection\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
8 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Inbox\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Queue\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Queue_Migrated\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\SentItems\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Security Health\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.80 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.83 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.87 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.A0 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.CB | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.CC | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\Server\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\DMProfiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath_target_474984\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
18 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c46.timestamp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\SoftwareDistribution\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Quick Assist.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Tablet PC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Windows Defender.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows 10 Update Assistant.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Windows Media Player.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\UpdateCspStore.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WindowsHolographicDevices\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WindowsHolographicDevices\SpatialStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.022.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.023.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.024.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.025.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.026.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.027.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.028.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Integration\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\OfficeIntegrator.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini | size = 174, size_out = 174 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini | size = 278, size_out = 278 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini | size = 25, size_out = 25 |
|
2 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini | size = 380, size_out = 380 |
|
2 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini | size = 380, size_out = 380 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini | size = 174, size_out = 174 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini | size = 796, size_out = 796 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini | size = 370, size_out = 370 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini | size = 1476, size_out = 1476 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini | size = 2598, size_out = 2598 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini | size = 170, size_out = 170 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini | size = 174, size_out = 174 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini | size = 338, size_out = 338 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini | size = 85, size_out = 85 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Write | C:\588bce7c90097ed212\2052\LocalizedData.xml | size = 60688 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini | size = 176 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini | size = 288 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini | size = 384 |
|
2 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini | size = 6 |
|
2 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini | size = 268 |
|
2 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini | size = 384 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini | size = 176 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini | size = 800 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini | size = 384 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini | size = 1488 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini | size = 2608 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini | size = 176 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini | size = 176 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini | size = 352 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini | size = 96 |
|
1 | |
|
For performance reasons, the remaining 4004 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (2329)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | net | show_window = SW_HIDE |
|
2 | |
| Create | net | show_window = SW_HIDE |
|
31 | |
| Enumerate Processes | - | - |
|
2163 | |
| Enumerate Processes | - | - |
|
32 | |
| Open | System | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\fontdrvhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\fontdrvhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\audiodg.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\sihost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\securityhealthservice.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | - | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\runtimebroker.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\root\office16\msoia.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\usoclient.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\devicecensus.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\root\office16\msoia.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\unp\unpcampaignmanager.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\apphostregistrationverifier.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows defender advanced threat protection\roof competitive.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\uninstall information\increases.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\titles-halloween-french.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\clinic_cause.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\internet explorer\danger.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\tabsdimensions.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows portable devices\growth summer.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows defender advanced threat protection\composite_watershed_nearby.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\common files\coin iii statements.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office 15\nine.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows mail\tissue.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dllhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\mozilla firefox\walker.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\msbuild\sperm_new.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\internet explorer\lebanonpee.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\rempl\anymore.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\wider.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows nt\simpson revenue.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows mail\daily.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\chronic.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\conhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\conhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\compattelrunner.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\conhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\sihost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\runtimebroker.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\root\office16\msoia.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\root\office16\msoia.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\apphostregistrationverifier.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows defender advanced threat protection\roof competitive.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\uninstall information\increases.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\titles-halloween-french.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\clinic_cause.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\internet explorer\danger.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\tabsdimensions.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows portable devices\growth summer.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows defender advanced threat protection\composite_watershed_nearby.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\common files\coin iii statements.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office 15\nine.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows mail\tissue.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dllhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\mozilla firefox\walker.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\msbuild\sperm_new.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\internet explorer\lebanonpee.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\rempl\anymore.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\wider.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows nt\simpson revenue.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows mail\daily.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\chronic.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 |
Thread (11)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | c:\windows\system32\sihost.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\svchost.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\taskhostw.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\runtimebroker.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\taskhostw.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\microsoft office\root\office16\msoia.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\microsoft office\root\office16\msoia.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\apphostregistrationverifier.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\dllhost.exe | proc_address = 0x7ff7199c2470, proc_parameter = 140699263303680, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
Memory (42)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | c:\windows\system32\sihost.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\system32\svchost.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\system32\taskhostw.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\system32\runtimebroker.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\system32\taskhostw.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\microsoft office\root\office16\msoia.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\microsoft office\root\office16\msoia.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\system32\apphostregistrationverifier.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\windows defender advanced threat protection\roof competitive.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\uninstall information\increases.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\windows photo viewer\titles-halloween-french.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\windows photo viewer\clinic_cause.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\internet explorer\danger.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\reference assemblies\tabsdimensions.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\windows portable devices\growth summer.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\windows defender advanced threat protection\composite_watershed_nearby.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\common files\coin iii statements.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\microsoft office 15\nine.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\windows mail\tissue.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\system32\dllhost.exe | address = 140699263303680, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\mozilla firefox\walker.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\msbuild\sperm_new.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\internet explorer\lebanonpee.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\rempl\anymore.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\microsoft office\wider.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\windows nt\simpson revenue.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\windows mail\daily.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\microsoft office\chronic.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Free | c:\program files\microsoft office\root\office16\msoia.exe | address = 140699263303680, free_type = MEM_RELEASE, size = 0 |
|
1 | |
| Write | c:\windows\system32\sihost.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\windows\system32\svchost.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\windows\system32\taskhostw.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\windows\system32\runtimebroker.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\windows\system32\taskhostw.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\program files\microsoft office\root\office16\msoia.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\program files\microsoft office\root\office16\msoia.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\windows\system32\apphostregistrationverifier.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Write | c:\windows\system32\dllhost.exe | address = 0x7ff7199c0000, size = 3764224 |
|
1 |
Module (127)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | advapi32 | base_address = 0x7ff931520000 |
|
1 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x7ff92f150000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\raemq.exe | base_address = 0x7ff7199c0000 |
|
30 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\raemq.exe, file_name_orig = C:\Users\FD1HVy\Desktop\raEMQ.exe, size = 260 |
|
2 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\raemq.exe, file_name_orig = C:\Users\FD1HVy\Desktop\raEMQ.exe, size = 100 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
2 | |
| Get Address | c:\windows\system32\advapi32.dll | function = EventRegister, address_out = 0x7ff931f8ad30 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = EventSetInformation, address_out = 0x7ff931f8aa10 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsGetValue, address_out = 0x7ff92f192340 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = LCMapStringEx, address_out = 0x7ff92f17c800 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
Service (93)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (113)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
2 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
30 | |
| Sleep | duration = 150 milliseconds (0.150 seconds) |
|
33 | |
| Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
31 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
12 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
2 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #2: sihost.exe
86
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\sihost.exe |
| Command Line | sihost.exe |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:47, Reason: Injection |
| Unmonitor | End Time: 00:01:24, Reason: Crashed |
| Monitor Duration | 00:00:36 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6fc |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AF8
0x
AF4
0x
8D8
0x
8A8
0x
8A4
0x
810
0x
4CC
0x
750
0x
73C
0x
728
0x
724
0x
710
0x
70C
0x
708
0x
700
0x
36C
0x
E60
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x7FF7199C0000 | 0x7FF719D56FFF | First Execution | - | 64-bit | 0x7FF7199C1C30, 0x7FF7199C58F0, ... |
|
|
|
| buffer | 0x7FF7199C0000 | 0x7FF719D56FFF | Content Changed | - | 64-bit | 0x7FF7199C6000 |
|
|
|
| buffer | 0x7FF7199C0000 | 0x7FF719D56FFF | Content Changed | - | 64-bit | 0x7FF7199C7000 |
|
|
|
| buffer | 0x7FF7199C0000 | 0x7FF719D56FFF | Content Changed | - | 64-bit | 0x7FF7199CBA2C, 0x7FF7199CA2EC, ... |
|
|
|
| buffer | 0x7FF7199C0000 | 0x7FF719D56FFF | Content Changed | - | 64-bit | 0x7FF7199CCDCC, 0x7FF7199CDD24, ... |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
1 |
Process #3: svchost.exe
130
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:50, Reason: Injection |
| Unmonitor | End Time: 00:04:44, Reason: Crashed |
| Monitor Duration | 00:03:54 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x718 |
| Parent PID | 0x250 (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
CD4
0x
C50
0x
C10
0x
608
0x
638
0x
77C
0x
774
0x
74C
0x
748
0x
740
0x
71C
0x
F90
0x
540
0x
F24
0x
CB8
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x7FF7199C0000 | 0x7FF719D56FFF | Content Changed | - | 64-bit | 0x7FF7199D5CEC, 0x7FF7199CDD24, ... |
|
|
|
| buffer | 0x7FF7199C0000 | 0x7FF719D56FFF | Content Changed | - | 64-bit | 0x7FF7199CCCB4 |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
15 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (33)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
15 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
16 |
Process #4: taskhostw.exe
103
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\taskhostw.exe |
| Command Line | taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E} |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:51, Reason: Injection |
| Unmonitor | End Time: 00:03:35, Reason: Crashed |
| Monitor Duration | 00:02:44 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7ac |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A70
0x
AF0
0x
98C
0x
8EC
0x
8B4
0x
B78
0x
B14
0x
830
0x
82C
0x
820
0x
818
0x
814
0x
780
0x
6B0
0x
680
0x
40C
0x
7B0
0x
F64
0x
680
0x
6B0
0x
780
0x
814
0x
818
0x
820
0x
82C
0x
830
0x
B14
0x
8EC
0x
AF0
0x
A70
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x7FF7199C0000 | 0x7FF719D56FFF | Content Changed | - | 64-bit | 0x7FF7199CCDCC, 0x7FF7199CDD24, ... |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Host Behavior
File (7)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
6 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (15)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
6 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
7 |
Process #6: shellexperiencehost.exe
0
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe |
| Command Line | "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca |
| Initial Working Directory | C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:00:54, Reason: Injection |
| Unmonitor | End Time: 00:01:59, Reason: Self Terminated |
| Monitor Duration | 00:01:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb50 |
| Parent PID | 0x2b4 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E34
0x
DE8
0x
DE4
0x
DE0
0x
CB4
0x
CB0
0x
CA8
0x
CA4
0x
C08
0x
6E0
0x
6D0
0x
8C8
0x
69C
0x
79C
0x
634
0x
BE0
0x
BDC
0x
BD4
0x
BD0
0x
BA4
0x
BA0
0x
B9C
0x
B94
0x
B8C
0x
B88
0x
B68
0x
B54
0x
DB0
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Process #7: net.exe
0
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:17, Reason: Self Terminated |
| Monitor Duration | 00:00:22 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9b0 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A9C
0x
E7C
|
Process #9: net.exe
0
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:11, Reason: Self Terminated |
| Monitor Duration | 00:00:15 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbb4 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CC4
0x
6D8
|
Process #11: net1.exe
67
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:17, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf4 |
| Parent PID | 0x9b0 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E88
0x
B80
|
Host Behavior
File (32)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
15 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 169 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
7 | |
| Write | STD_OUTPUT_HANDLE | size = 16 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 37 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 1 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 53 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 54 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 70 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x16911730002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (30)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
3 | |
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
2 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Info | service_name = Audiosrv |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
2 |
Process #12: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:11, Reason: Self Terminated |
| Monitor Duration | 00:00:13 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb0c |
| Parent PID | 0xbb4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F10
0x
F8C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x17f23440002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #13: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 1788 -s 796 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:24, Reason: Self Terminated |
| Monitor Duration | 00:00:26 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf58 |
| Parent PID | 0x6fc (c:\windows\system32\sihost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F5C
0x
F70
0x
B10
0x
ED0
0x
1034
0x
1038
0x
103C
0x
1054
0x
1058
0x
105C
|
Process #14: searchui.exe
0
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe |
| Command Line | "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca |
| Initial Working Directory | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:01:01, Reason: Injection |
| Unmonitor | End Time: 00:01:59, Reason: Self Terminated |
| Monitor Duration | 00:00:57 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb58 |
| Parent PID | 0x2b4 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DD4
0x
DD0
0x
B74
0x
B70
0x
590
0x
578
0x
6C4
0x
6D4
0x
588
0x
828
0x
630
0x
7C4
0x
7A0
0x
438
0x
7FC
0x
778
0x
50C
0x
BF0
0x
BEC
0x
BE4
0x
BD8
0x
BCC
0x
BC8
0x
BC4
0x
BC0
0x
BB8
0x
BB4
0x
BB0
0x
BAC
0x
BA8
0x
B84
0x
B7C
0x
B6C
0x
B5C
0x
9E8
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Process #15: sihost.exe
0
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\system32\sihost.exe |
| Command Line | sihost.exe |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:02, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:26 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf84 |
| Parent PID | 0x6fc (c:\windows\system32\sihost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs | - |
Process #16: runtimebroker.exe
104
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\system32\runtimebroker.exe |
| Command Line | C:\Windows\System32\RuntimeBroker.exe -Embedding |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:05, Reason: Injection |
| Unmonitor | End Time: 00:02:34, Reason: Self Terminated |
| Monitor Duration | 00:01:29 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbf4 |
| Parent PID | 0x2b4 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
734
0x
A0C
0x
8AC
0x
57C
0x
61C
0x
BF8
0x
84
0x
F40
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| runtimebroker.exe | 0x7FF7D7FC0000 | 0x7FF7D7FD5FFF | Process Termination | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
8 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
System (18)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
8 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
8 |
Process #17: taskhostw.exe
88
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\taskhostw.exe |
| Command Line | taskhostw.exe |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:06, Reason: Injection |
| Unmonitor | End Time: 00:01:55, Reason: Crashed |
| Monitor Duration | 00:00:48 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfa0 |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
F18
0x
A7C
0x
CBC
0x
4A8
0x
FF8
0x
FC8
0x
FC4
0x
FC0
0x
FB8
0x
FA8
0x
FA4
0x
8AC
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x7FF7199C0000 | 0x7FF719D56FFF | Content Changed | - | 64-bit | 0x7FF7199CCDCC, 0x7FF7199CDD24, ... |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
2 |
Process #18: net.exe
0
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:06, Reason: Child Process |
| Unmonitor | End Time: 00:01:12, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf0 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A80
0x
FA8
|
Process #20: net.exe
0
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:07, Reason: Child Process |
| Unmonitor | End Time: 00:01:12, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfe8 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FB0
0x
EA8
|
Process #22: msoia.exe
0
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\program files\microsoft office\root\office16\msoia.exe |
| Command Line | "C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload mininterval:2880 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:08, Reason: Injection |
| Unmonitor | End Time: 00:01:13, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfd4 |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A28
0x
FD8
0x
A28
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Process #23: msoia.exe
0
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\program files\microsoft office\root\office16\msoia.exe |
| Command Line | "C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:09, Reason: Injection |
| Unmonitor | End Time: 00:01:45, Reason: Self Terminated |
| Monitor Duration | 00:00:35 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x390 |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
C58
0x
D20
0x
4B8
0x
E38
0x
10C0
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| msoia.exe | 0x7FF691BF0000 | 0x7FF691C59FFF | Process Termination | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Process #24: net1.exe
39
0
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:09, Reason: Child Process |
| Unmonitor | End Time: 00:01:11, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfe4 |
| Parent PID | 0xf0 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D5C
0x
100C
|
Host Behavior
File (20)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
5 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 169 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 16 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 35 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x2931a6f0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Info | service_name = Audiosrv |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #25: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #25 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:09, Reason: Child Process |
| Unmonitor | End Time: 00:01:12, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1004 |
| Parent PID | 0xfe8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1008
0x
1014
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1eb86cd0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #26: apphostregistrationverifier.exe
0
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\windows\system32\apphostregistrationverifier.exe |
| Command Line | C:\WINDOWS\system32\AppHostRegistrationVerifier.exe |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:10, Reason: Injection |
| Unmonitor | End Time: 00:01:27, Reason: Self Terminated |
| Monitor Duration | 00:00:17 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4b0 |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
EF0
0x
EB8
0x
EC0
0x
3D8
0x
D9C
0x
4A4
0x
1010
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| apphostregistrationverifier.exe | 0x7FF7D98D0000 | 0x7FF7D98EDFFF | Process Termination | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Process #28: dllhost.exe
83
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\windows\system32\dllhost.exe |
| Command Line | C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:17, Reason: Injection |
| Unmonitor | End Time: 00:01:33, Reason: Self Terminated |
| Monitor Duration | 00:00:16 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd28 |
| Parent PID | 0x2b4 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D78
0x
DDC
0x
58
0x
A60
0x
DC8
0x
AC4
0x
C30
0x
1060
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| dllhost.exe | 0x7FF6FB010000 | 0x7FF6FB018FFF | Process Termination | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c0000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\raemq.exe | 0x49c | address = 0x7ff7199c2470 |
|
1 |
Host Behavior
File (1)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
System (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
1 |
Process #29: net.exe
0
0
| Information | Value |
|---|---|
| ID | #29 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:18, Reason: Child Process |
| Unmonitor | End Time: 00:01:19, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1078 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
107C
0x
1098
|
Process #31: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:18, Reason: Child Process |
| Unmonitor | End Time: 00:01:19, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x109c |
| Parent PID | 0x1078 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
10A0
0x
10A4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1a293450002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #32: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 4000 -s 316 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:53, Reason: Self Terminated |
| Monitor Duration | 00:00:28 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x10c8 |
| Parent PID | 0xfa0 (c:\windows\system32\taskhostw.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
10CC
0x
10D4
0x
10DC
0x
1A4
0x
E88
0x
11EC
0x
1660
0x
1664
|
Process #33: net.exe
0
0
| Information | Value |
|---|---|
| ID | #33 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:28, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x10e4 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
10E8
0x
1128
|
Process #35: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:30, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x11cc |
| Parent PID | 0x10e4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
11D0
0x
11EC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x2121f470002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #36: net.exe
0
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:30, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x11d4 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
11D8
0x
11F8
|
Process #38: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:31, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x11fc |
| Parent PID | 0x11d4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1200
0x
1204
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x180a7580002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #39: net.exe
0
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:40, Reason: Child Process |
| Unmonitor | End Time: 00:01:48, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x13e4 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
13E8
0x
1090
|
Process #41: net.exe
0
0
| Information | Value |
|---|---|
| ID | #41 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:42, Reason: Child Process |
| Unmonitor | End Time: 00:01:48, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb80 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A9C
0x
AB4
|
Process #43: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #43 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:43, Reason: Child Process |
| Unmonitor | End Time: 00:01:47, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xff0 |
| Parent PID | 0x13e4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F84
0x
10E0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1cd07890002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #44: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:45, Reason: Child Process |
| Unmonitor | End Time: 00:01:48, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1200 |
| Parent PID | 0xb80 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1204
0x
58
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x251b5670002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #45: net.exe
0
0
| Information | Value |
|---|---|
| ID | #45 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:52, Reason: Child Process |
| Unmonitor | End Time: 00:01:57, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1900 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1904
0x
1BD0
|
Process #47: net.exe
0
0
| Information | Value |
|---|---|
| ID | #47 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:57, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1a50 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1A54
0x
1BF4
|
Process #49: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #49 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:56, Reason: Child Process |
| Unmonitor | End Time: 00:01:57, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1bec |
| Parent PID | 0x1900 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1BF0
0x
1BF8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1e7ea830002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #50: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #50 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:56, Reason: Child Process |
| Unmonitor | End Time: 00:01:57, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1bfc |
| Parent PID | 0x1a50 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
11EC
0x
F40
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x2a422fe0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #51: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #51 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 1964 -s 1432 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:03:31, Reason: Self Terminated |
| Monitor Duration | 00:01:26 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1e18 |
| Parent PID | 0x7ac (c:\windows\system32\taskhostw.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1E1C
0x
1E20
0x
202C
0x
32CC
0x
41AC
0x
447C
0x
44F4
0x
69AC
0x
7498
|
Process #52: net.exe
0
0
| Information | Value |
|---|---|
| ID | #52 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:08, Reason: Child Process |
| Unmonitor | End Time: 00:02:18, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2018 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
201C
0x
2264
|
Process #54: net.exe
0
0
| Information | Value |
|---|---|
| ID | #54 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:08, Reason: Child Process |
| Unmonitor | End Time: 00:02:18, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2030 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2034
0x
22A4
|
Process #57: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #57 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:13, Reason: Child Process |
| Unmonitor | End Time: 00:02:18, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2338 |
| Parent PID | 0x2018 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
233C
0x
242C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x12c929d0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #58: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #58 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:13, Reason: Child Process |
| Unmonitor | End Time: 00:02:18, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2340 |
| Parent PID | 0x2030 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2344
0x
24B4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x20422110002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #59: net.exe
0
0
| Information | Value |
|---|---|
| ID | #59 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:22, Reason: Child Process |
| Unmonitor | End Time: 00:02:31, Reason: Self Terminated |
| Monitor Duration | 00:00:09 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2020 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
37C
0x
3200
|
Process #60: net.exe
0
0
| Information | Value |
|---|---|
| ID | #60 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:22, Reason: Child Process |
| Unmonitor | End Time: 00:02:31, Reason: Self Terminated |
| Monitor Duration | 00:00:09 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1ca4 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
21A0
0x
3204
|
Process #63: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #63 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:25, Reason: Child Process |
| Unmonitor | End Time: 00:02:31, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3208 |
| Parent PID | 0x2020 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
320C
0x
32CC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x20f64bc0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #64: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #64 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:25, Reason: Child Process |
| Unmonitor | End Time: 00:02:31, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3214 |
| Parent PID | 0x1ca4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3218
0x
32D0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1e6664b0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #65: net.exe
0
0
| Information | Value |
|---|---|
| ID | #65 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:35, Reason: Child Process |
| Unmonitor | End Time: 00:02:48, Reason: Self Terminated |
| Monitor Duration | 00:00:13 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4340 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4344
0x
4384
|
Process #66: net.exe
0
0
| Information | Value |
|---|---|
| ID | #66 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:35, Reason: Child Process |
| Unmonitor | End Time: 00:02:49, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4348 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
434C
0x
4388
|
Process #69: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #69 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:36, Reason: Child Process |
| Unmonitor | End Time: 00:02:47, Reason: Self Terminated |
| Monitor Duration | 00:00:11 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x438c |
| Parent PID | 0x4340 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4390
0x
57C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x250ca610002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #70: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #70 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:36, Reason: Child Process |
| Unmonitor | End Time: 00:02:48, Reason: Self Terminated |
| Monitor Duration | 00:00:12 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4394 |
| Parent PID | 0x4348 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4398
0x
4440
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1bf482f0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #71: net.exe
0
0
| Information | Value |
|---|---|
| ID | #71 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:49, Reason: Child Process |
| Unmonitor | End Time: 00:02:56, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x437c |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4348
0x
521C
|
Process #72: net.exe
0
0
| Information | Value |
|---|---|
| ID | #72 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:50, Reason: Child Process |
| Unmonitor | End Time: 00:02:56, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4c80 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4C84
0x
5220
|
Process #75: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #75 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:52, Reason: Child Process |
| Unmonitor | End Time: 00:02:56, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x53b4 |
| Parent PID | 0x437c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
53B8
0x
5648
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x15cc6ab0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #76: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #76 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:53, Reason: Child Process |
| Unmonitor | End Time: 00:02:56, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x54b8 |
| Parent PID | 0x4c80 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
54BC
0x
56CC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x144c81e0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #77: net.exe
0
0
| Information | Value |
|---|---|
| ID | #77 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:04, Reason: Child Process |
| Unmonitor | End Time: 00:03:15, Reason: Self Terminated |
| Monitor Duration | 00:00:11 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x61b4 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
61B8
0x
6614
|
Process #78: net.exe
0
0
| Information | Value |
|---|---|
| ID | #78 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:04, Reason: Child Process |
| Unmonitor | End Time: 00:03:15, Reason: Self Terminated |
| Monitor Duration | 00:00:11 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6248 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
624C
0x
669C
|
Process #81: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #81 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:09, Reason: Child Process |
| Unmonitor | End Time: 00:03:15, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x67cc |
| Parent PID | 0x61b4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
67D0
0x
691C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x2cafa5f0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #82: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #82 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:09, Reason: Child Process |
| Unmonitor | End Time: 00:03:15, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x67d4 |
| Parent PID | 0x6248 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
67D8
0x
69A8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1e7eedd0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #83: net.exe
0
0
| Information | Value |
|---|---|
| ID | #83 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:19, Reason: Child Process |
| Unmonitor | End Time: 00:03:38, Reason: Self Terminated |
| Monitor Duration | 00:00:18 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6c54 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6C58
0x
6F40
|
Process #84: net.exe
0
0
| Information | Value |
|---|---|
| ID | #84 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:19, Reason: Child Process |
| Unmonitor | End Time: 00:03:38, Reason: Self Terminated |
| Monitor Duration | 00:00:18 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6c5c |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6C60
0x
6FB8
|
Process #87: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #87 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:22, Reason: Child Process |
| Unmonitor | End Time: 00:03:37, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7058 |
| Parent PID | 0x6c54 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
705C
0x
720C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x20b96cd0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #88: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #88 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:22, Reason: Child Process |
| Unmonitor | End Time: 00:03:37, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x709c |
| Parent PID | 0x6c5c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
70A0
0x
7288
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x22e0f240002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #89: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #89 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 1816 -s 1548 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:03:41, Reason: Child Process |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7aa0 |
| Parent PID | 0x718 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7AA4
0x
7AC8
0x
7D64
0x
A0E4
0x
A498
0x
AF18
0x
D0E4
0x
DB50
0x
DDA4
|
Process #90: net.exe
0
0
| Information | Value |
|---|---|
| ID | #90 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:43, Reason: Child Process |
| Unmonitor | End Time: 00:04:00, Reason: Self Terminated |
| Monitor Duration | 00:00:16 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7bc8 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7BCC
0x
7CE8
|
Process #91: net.exe
0
0
| Information | Value |
|---|---|
| ID | #91 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:44, Reason: Child Process |
| Unmonitor | End Time: 00:04:01, Reason: Self Terminated |
| Monitor Duration | 00:00:16 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x51c |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
814
0x
7D58
|
Process #94: svchost.exe
0
0
| Information | Value |
|---|---|
| ID | #94 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:55 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7cd4 |
| Parent PID | 0x718 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs | - |
Process #95: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #95 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:03:59, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7d5c |
| Parent PID | 0x7bc8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7D60
0x
7E90
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x2277bde0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #96: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #96 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:50, Reason: Child Process |
| Unmonitor | End Time: 00:04:00, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7dcc |
| Parent PID | 0x51c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7DD0
0x
7F50
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x25c088b0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #97: net.exe
0
0
| Information | Value |
|---|---|
| ID | #97 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:00, Reason: Child Process |
| Unmonitor | End Time: 00:04:05, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x86c0 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
86C4
0x
8A14
|
Process #98: net.exe
0
0
| Information | Value |
|---|---|
| ID | #98 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:01, Reason: Child Process |
| Unmonitor | End Time: 00:04:05, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8708 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
870C
0x
8994
|
Process #101: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #101 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:03, Reason: Child Process |
| Unmonitor | End Time: 00:04:05, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8aa4 |
| Parent PID | 0x8708 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8AA8
0x
8AAC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1e2b38f0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #102: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #102 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:03, Reason: Child Process |
| Unmonitor | End Time: 00:04:05, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8ab4 |
| Parent PID | 0x86c0 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8AB8
0x
8C18
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x21873a30002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #103: net.exe
0
0
| Information | Value |
|---|---|
| ID | #103 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:14, Reason: Child Process |
| Unmonitor | End Time: 00:04:18, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9810 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9814
0x
998C
|
Process #104: net.exe
0
0
| Information | Value |
|---|---|
| ID | #104 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:14, Reason: Child Process |
| Unmonitor | End Time: 00:04:20, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x98c4 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
98C8
0x
9994
|
Process #107: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #107 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:15, Reason: Child Process |
| Unmonitor | End Time: 00:04:18, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9998 |
| Parent PID | 0x9810 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
999C
0x
99A0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1b1242e0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #108: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #108 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:15, Reason: Child Process |
| Unmonitor | End Time: 00:04:18, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x99a4 |
| Parent PID | 0x98c4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
99A8
0x
9AAC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1a216d70002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #110: net.exe
0
0
| Information | Value |
|---|---|
| ID | #110 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:29, Reason: Child Process |
| Unmonitor | End Time: 00:04:31, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd448 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D44C
0x
D488
|
Process #111: net.exe
0
0
| Information | Value |
|---|---|
| ID | #111 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:29, Reason: Child Process |
| Unmonitor | End Time: 00:04:31, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd450 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D454
0x
D48C
|
Process #114: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #114 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:30, Reason: Child Process |
| Unmonitor | End Time: 00:04:31, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd490 |
| Parent PID | 0xd448 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D494
0x
D4A4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x222c4350002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #115: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #115 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:30, Reason: Child Process |
| Unmonitor | End Time: 00:04:31, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd498 |
| Parent PID | 0xd450 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D49C
0x
D4A0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1f1ffc30002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #116: net.exe
0
0
| Information | Value |
|---|---|
| ID | #116 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:40, Reason: Child Process |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdcc0 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DCC4
0x
DD7C
|
Process #117: net.exe
0
0
| Information | Value |
|---|---|
| ID | #117 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:40, Reason: Child Process |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdcc8 |
| Parent PID | 0xf78 (c:\users\fd1hvy\desktop\raemq.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DCCC
0x
DD84
|
Process #120: net1.exe
18
0
| Information | Value |
|---|---|
| ID | #120 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:42, Reason: Child Process |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdde0 |
| Parent PID | 0xdcc0 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DDE4
0x
DEBC
|
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1e820050002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #121: net1.exe
18
0
| Information | Value |
|---|---|
| ID | #121 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:42, Reason: Child Process |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xde18 |
| Parent PID | 0xdcc8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DE1C
0x
DEC0
|
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1e41d5a0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff79de20000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
